Service hooked策略返回一个空数组,sail
我试着让工作和政策挂钩,但没有。每一个都可以工作,并且都返回next(),但是当它应该传递给控制器时,返回一个空数组,而不是设备列表 这是我的config/policies.jsService hooked策略返回一个空数组,sail,service,sails.js,hook,policies,Service,Sails.js,Hook,Policies,我试着让工作和政策挂钩,但没有。每一个都可以工作,并且都返回next(),但是当它应该传递给控制器时,返回一个空数组,而不是设备列表 这是我的config/policies.js module.exports.policies = { '*': ['isAuthorized'], // Everything resctricted here 'UserController': { 'create': true // We dont need authorization here
module.exports.policies = {
'*': ['isAuthorized'], // Everything resctricted here
'UserController': {
'create': true // We dont need authorization here, allowing public access
},
'AuthController': {
'*': true // We dont need authorization here, allowing public access
},
'device' : {
'find' : ['isAuthorized', 'isOwner']
}
};
module.exports = function (req, res, next) {
var token;
if (req.headers && req.headers.authorization) {
var parts = req.headers.authorization.split(' ');
if (parts.length == 2) {
var scheme = parts[0],
credentials = parts[1];
if (/^Bearer$/i.test(scheme)) {
token = credentials;
}
} else {
return res.json(401, {err: 'Format is Authorization: Bearer [token]'});
}
} else if (req.param('token')) {
token = req.param('token');
// We delete the token from param to not mess with blueprints
delete req.query.token;
} else {
return res.json(401, {err: 'No Authorization header was found'});
}
// aqui se consulta a la funcion verify del archivo jwToken.js q esta disponible dentro de services
jwToken.verify(token, function (err, token) {
if (err) return res.json(401, {err: 'Invalid Token!'});
req.token = token; // This is the decrypted token or the payload you provided
next();
});
};
module.exports = function(req, res, next) {
// User is allowed, proceed to the next policy,
// or if this is the last policy, the controller
if (req.param('pass') == 'secret') {
return next();
}
// User is not allowed
// (default res.forbidden() behavior can be overridden in `config/403.js`)
return res.forbidden('You are not permitted to perform this action.');
};