Explicit policies (each actions'/controllers' policies override all parents)

explicit-poilcies.js

/**
* Policy defines middleware that is run before each controller/action.
* Any policy dropped into the /policies directory is made globally available through sails.policies
* Below, use the string name of the policy (for instance authenticated.js would be "authenticated")
*/
module.exports.policies = {
// Default policy (apply to everything)
  // equivalent to ['authenticated']
  '*': 'authenticated'
  
  // To access any actions in the MessageController, you must pass all policies on '*', as well as 'canMessage'
  'message': ['authenticated', 'canMessage'],
  
  
  'hotdog': {
    // To access the 'index' action in the HotdogController, 
    // you must pass all policies on '*', as well as 'hotdogQuotaNotExceeded'
    'index': ['authenticated', 'hotdogQuotaNotExceeded']
  },
 
  // On the UserController, apply all policies on '*' as well as:
  'user': {
    
    // For **ALL** actions in the UserController, you must pass 'authenticated' and 'canAccessUsers' policies (in order)
   '*': ['authenticated', 'canAccessUsers'],
   
    // To access the 'create' action, you must pass all of the * and user/* policies,
    // THEN pass the 'canCreateUsers' and 'userQuotaNotExceeded' policies (in order)
   'create': ['authenticated', 'canAccessUsers', 'canCreateUsers', 'userQuotaNotExceeded'],
   
    // To access the 'destroy' action, you must pass all of the * and user/* policies,
    // THEN pass the 'canDestroyUsers' policy
    'destroy': ['authenticated', 'canAccessUsers', 'canDestroysers']
    
  }
};