Friday, 28 April 2017

SailsJS User Profiles Routing

I'm developing an application in Sails.js, where I have two kinds of users: ordinary users (who should be able to view their own profile), and administrators (who should be able to view/edit/delete every user's profile). For authentication, I've followed this example.

Currently, I'm using the blueprints to directly access this information via a view /views/user/show/userID, e.g. /views/user/show/ + user.id, where the view displays information based on the userID provided (e.g. <%= user.name %>). Currently, anyone can access any profile due to this.

I need to limit access so that a "regular" user only has access to his/her own profile, as well as not be able to edit/delete other users.

I'm not sure how exactly to do this, and I've tried using custom routes, without success.

Any suggestion/answer will be greatly appreciated.



via Morten Amundsen
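
The access rule the question asks for (a regular user reaches only their own profile, an administrator reaches any), written as an added example that is not part of the original post and not Sails' own code. It assumes the authentication layer sets `req.user = { id, isAdmin }`, that the profile id is the `id` route parameter, and that policies named `isAuthenticated` and `isAdmin` exist; all of these names are hypothetical.

```javascript
// Added example. In a Sails app, isOwnerOrAdmin would be the module.exports of
// api/policies/isOwnerOrAdmin.js. Assumed: auth sets req.user = { id, isAdmin }.

// Pure decision: may `user` act on the profile identified by `targetId`?
function canAccessProfile(user, targetId) {
  if (!user || user.id === undefined || user.id === null) return false; // not logged in
  if (targetId === undefined || targetId === null || targetId === '') return false; // no target: deny
  if (user.isAdmin === true) return true; // admins may act on any profile
  // Route params arrive as strings while stored ids may be numbers: compare as strings.
  return String(user.id) === String(targetId);
}

// Policy with the (req, res, next) signature that Sails policies use.
function isOwnerOrAdmin(req, res, next) {
  if (!canAccessProfile(req.user, req.param('id'))) {
    return res.forbidden('You may only access your own profile.');
  }
  // A non-admin must not be able to raise their own privilege through a profile update.
  if (req.user.isAdmin !== true && req.body) delete req.body.isAdmin;
  return next();
}

// Shape of the matching config/policies.js export (controller and policy names assumed).
// '*': false denies every action that is not listed, including blueprint ones.
const policyMap = {
  UserController: {
    '*': false,
    show: ['isAuthenticated', 'isOwnerOrAdmin'],
    findOne: ['isAuthenticated', 'isOwnerOrAdmin'],
    update: ['isAuthenticated', 'isOwnerOrAdmin'],
    destroy: ['isAuthenticated', 'isOwnerOrAdmin'],
    find: ['isAuthenticated', 'isAdmin'], // listing all users is admin-only
  },
};
```

The check has to run on the server for every action that takes a user id; hiding links in the view does not restrict the blueprint routes.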
