带有视图的基于 SailsJS 策略的路由 [英] SailsJS Policy based route with a view

问题描述

我正在尝试使用 routes.js 来定义到 '/account' 的路由.

I'm trying to use the routes.js to define a route to '/account'.

我希望任何试图访问该路径的人都通过 UserController 和 checkLogin 操作，如果安全检查通过，则应使用定义的视图是 home/account

I want whoever is trying to access that path to go through the UserController and the checkLogin action and if the security check passes, then the user should be rendered with the defined view which is home/account

这是我的代码:

routes.js:

'/account': {
    controller: 'UserController',
    action: 'checkLogin',
    view: 'home/account'
  }

policies.js:

policies.js:

UserController: {
    '*': 'isAuthenticated',
    'login': true,
    'checkLogin': true
  }

它让我出于某种原因无需通过 isAuthenticated 政策检查即可查看 /account.

It let's me view /account without going through the isAuthenticated policy check for some reason.

推荐答案

这里对于策略、控制器和视图的工作方式似乎有些混乱.正如上面@bredikhin 所指出的，您的控制器将永远不会被调用，因为该路由已绑定到视图.同样重要的是要注意，策略不能绑定到视图，只能绑定到控制器.正确的设置应该类似于:

There looks to be a little confusion here as to how policies, controllers and views work. As @bredikhin notes above, your controller will never be called because the route is being bound to a view. It's also important to note that policies cannot be bound to views, only to controllers. The correct setup should be something like:

在 config/routes.js 中:

'/account': 'UserController.account'

在 config/policies.js 中:

UserController: {
  '*': 'isAuthenticated' // will run on all UserController actions
  // or
  'account': 'isAuthenticated' // will run just on account action
}

在api/policies/isAuthenticated.js中:

    module.exports = function(req, res, next) {

     // Your auth code here, returning next() if auth passes, otherwise
     // res.forbidden(), or throw error, or redirect, etc.

    }

在api/controllers/UserController.js中:

module.exports = {

  account: function(req, res) {

     res.view('home/account');

  }
}

这篇关于带有视图的基于 SailsJS 策略的路由的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！