im tryng to make works two hooked policies, but doesnt. Each of these works, and both return next(), but then, when it supposed pass to a controller, return it an empty array instead of the list of devices Here's my config/policies.js
module.exports.policies = {
'*': ['isAuthorized'], // Everything resctricted here
'UserController': {
'create': true // We dont need authorization here, allowing public access
},
'AuthController': {
'*': true // We dont need authorization here, allowing public access
},
'device' : {
'find' : ['isAuthorized', 'isOwner']
}
};
this is my policies. policies/isAuthorized.js
module.exports = function (req, res, next) {
var token;
if (req.headers && req.headers.authorization) {
var parts = req.headers.authorization.split(' ');
if (parts.length == 2) {
var scheme = parts[0],
credentials = parts[1];
if (/^Bearer$/i.test(scheme)) {
token = credentials;
}
} else {
return res.json(401, {err: 'Format is Authorization: Bearer [token]'});
}
} else if (req.param('token')) {
token = req.param('token');
// We delete the token from param to not mess with blueprints
delete req.query.token;
} else {
return res.json(401, {err: 'No Authorization header was found'});
}
// aqui se consulta a la funcion verify del archivo jwToken.js q esta disponible dentro de services
jwToken.verify(token, function (err, token) {
if (err) return res.json(401, {err: 'Invalid Token!'});
req.token = token; // This is the decrypted token or the payload you provided
next();
});
};
And policies/isOwner.js, which one is only a test for the moment
module.exports = function(req, res, next) {
// User is allowed, proceed to the next policy,
// or if this is the last policy, the controller
if (req.param('pass') == 'secret') {
return next();
}
// User is not allowed
// (default res.forbidden() behavior can be overridden in `config/403.js`)
return res.forbidden('You are not permitted to perform this action.');
};
I hope for your helpfull and sorry for my bad english.