Authorization is the process of granting or denying access to specific resources or actions based on a user's authenticated identity.

Example Use Cases

  • Admin access control: Authorizing certain users to access and manage administrative functionalities.
  • Content permissions: Granting or denying users access to specific content or features based on their roles.
  • Secure transactions: Allowing authorized users to perform secure transactions or financial operations.

Authorization within The Boring JavaScript Stack is orchestrated server-side through Sails Policies. These policies act as a shield, safeguarding your actions against unauthorized access.

A common scenario involves permitting a user to access your dashboard only when authenticated. To implement this, create an api/policies/is-authenticated.js policy and then list the actions you want the policy to protect in config/policies.js:

api/policies/is-authenticated.js:

// A Sails policy receives the request, the response, and a `proceed` callback.
// Calling `proceed()` lets the request reach the protected action; anything
// else (here, a redirect) ends the request without running the action.
module.exports = async function (req, res, proceed) {
  // The session only carries a userId once the user has logged in.
  if (req.session.userId) return proceed()
  return res.redirect('/login')
}

config/policies.js:

// Map actions to the policies that must pass before they run.
// 'dashboard/*' covers every action under api/controllers/dashboard/.
module.exports.policies = {
  'dashboard/*': 'is-authenticated'
}
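As an added example (not the stack's or Sails' own code), the session check above generalized into a deny-by-default role policy, with a small harness that runs a policy against constructed sessions. It assumes the logged-in user's roles are stored at req.session.roles and that res.forbidden() is available; the page shows neither.

```javascript
// Policy factory: returns a Sails-style policy (req, res, proceed) that only
// proceeds when the session is authenticated AND holds one of the given roles.
// Assumption: roles live at req.session.roles (the page only shows userId).
function requireRole(...allowedRoles) {
  return async function (req, res, proceed) {
    const session = req.session || {};
    // Not logged in at all: send to login, exactly as is-authenticated does.
    if (!session.userId) return res.redirect('/login');
    const roles = Array.isArray(session.roles) ? session.roles : [];
    // Logged in but lacking the role: a 403, not a redirect, so the client
    // learns the resource exists but is off limits for this account.
    // Assumption: res.forbidden() is available as a Sails custom response.
    if (!allowedRoles.some((role) => roles.includes(role))) {
      return res.forbidden();
    }
    return proceed();
  };
}

// Harness: run a policy against a constructed session and report the outcome
// so the decision can be asserted on without starting a Sails app.
async function runPolicy(policy, session) {
  let outcome = null;
  const req = { session };
  const res = {
    redirect: (url) => { outcome = { action: 'redirect', url }; },
    forbidden: () => { outcome = { action: 'forbidden' }; },
  };
  await policy(req, res, () => { outcome = { action: 'proceed' }; });
  return outcome;
}

const isAdmin = requireRole('admin');

// How the factory's output would be wired in config/policies.js: '*' makes
// every action require login by default, and arrays chain policies in order.
// (Illustrative object; the real file would export this as module.exports.policies.)
const examplePolicyConfig = {
  '*': 'is-authenticated',
  'dashboard/*': 'is-authenticated',
  'admin/*': ['is-authenticated', 'is-admin'],
};

module.exports = { requireRole, runPolicy, isAdmin, examplePolicyConfig };
```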

Learn more about using policies for authorization in the Sails docs.

