I am keeping this as a reference to balderdashy/sails#352
Working with SailsJS v0.10-rc5: I am trying to keep the magic of blueprint controllers while at the same time protecting some model attributes from being changed by users on the default routes.
I.e.: prevent access to the is_admin
attribute on regular CRUD routes and implement a promote
action or something similar on the UserController which makes the neccessary checks.
In order to do this, I came up with the following policy in combination with a small addition to the model definitions:
// file: api/policies/protectedAttributes.js
/**