sails-permissions: Permissions ignored in custom User.find

If I put the following in my own UserController permissions seem to be ignored and a user making a request to /user can see all users

module.exports = {
  find: function(req, res) {
    User.find().then(function (users) {
      res.ok(users);
    });
  }
}

If I remove this they only can view their own.

About this issue

  • Original URL
  • State: open
  • Created 8 years ago
  • Comments: 15 (3 by maintainers)

Most upvoted comments

OK thanks for letting me know, massively disappointing though.

+1
dottodot on Mar 13, 2016
Read more comments on GitHub
← dylint: `cargo dylint my_lints` produces `Error: expected more input` while parsing crate versions after updating `rustc`
docker-volume-plugins: VolumeDriver.Mount: error mounting data: exit status 1 →