
isAuthenticated policy

jorgecasar committed Jan 19, 2014
1 parent 01e14ef commit e58ea71cc3f566287e67e64eaabbf1838652912c
Showing with 21 additions and 11 deletions.
  1. +5 −0 api/controllers/UserController.js
  2. +6 −8 api/policies/isAuthenticated.js
  3. +10 −3 config/policies.js
@@ -76,6 +76,11 @@ module.exports = {
// Schema is true, then we will save that we need.
User.create( req.params.all(), function createdUser(err, user){
if (err) return next(err);
+ // Set autenticated to true.
+ req.session.authenticated = true;
+ // save the user data in the session.
+ req.session.user = user;
+ // Redirect to the user page.
// Response JSON if needed.
// Status 201 is Created.
if (req.wantsJSON) return res.json(201, user);
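Review bot: `req.session.user = user;` stores the whole record returned by `User.create` in the session, which would include the password hash and any other private attribute if the model keeps them (the model is not visible here), and everything placed in the session is persisted in the session store. Storing only what later requests need, e.g. `req.session.user = { id: user.id };`, limits that exposure, though code that reads other fields from `req.session.user` would need adjusting. The session also moves from anonymous to authenticated under the same session id; if the session middleware in use provides `regenerate`, issuing a fresh id first closes the session-fixation window, as sketched below. The added comment `// Redirect to the user page.` has no redirect after it in this hunk, and `createdUser` continues past the last visible line.

```javascript
if (err) return next(err);
// Issue a fresh session id before the session becomes authenticated.
req.session.regenerate(function regenerated(err) {
  if (err) return next(err);
  req.session.authenticated = true;
  // Keep only the identifier; the full record may carry the password hash.
  req.session.user = { id: user.id };
  // … unchanged: JSON response / redirect, now inside this callback …
});
```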
@@ -9,13 +9,11 @@
*/
module.exports = function(req, res, next) {
- // User is allowed, proceed to the next policy,
- // or if this is the last policy, the controller
- if (req.session.authenticated) {
- return next();
- }
+ // User is allowed, proceed to the next policy,
+ // or if this is the last policy, the controller
+ if (req.session.authenticated) return next();
- // User is not allowed
- // (default res.forbidden() behavior can be overridden in `config/403.js`)
- return res.forbidden('You are not permitted to perform this action.');
+ // User is not allowed
+ // (default res.forbidden() behavior can be overridden in `config/403.js`)
+ return res.forbidden('You are not permitted to perform this action.');
};
@@ -14,9 +14,16 @@
module.exports.policies = {
- // Default policy for all controllers and actions
- // (`true` allows public access)
- '*': true
+ // Default policy for all controllers and actions
+ // (`true` allows public access)
+ '*': true,
+ UserController: {
+ '*': 'isAuthenticated',
+ create: true,
+ new: true,
+ auth: true,
+ login: true
+ }
/*
// Here's an example of adding some policies to a controller
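Review bot: `'*': 'isAuthenticated'` under `UserController` only establishes that the requester has some logged-in session, so unless the controller actions check ownership themselves (not visible on this page), any signed-in user could act on another user's record. A second policy that compares the target id with `req.session.user` would cover that; at minimum a comment on that line, e.g. `// isAuthenticated proves a login only; ownership must be checked per action`, would record the assumption. The global `'*': true` above also stays in place, so every controller added later is public until someone lists it; a deny-by-default `'*': 'isAuthenticated'` with explicit `true` exceptions is the safer baseline.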
