LogoLogo
  • Introduction
  • Features
  • Getting Started
    • Cortex User Guide
      • Organizations
      • Log in
      • Generate an API key
      • Make your first API request
      • Configure the org settings
      • Set up a data model
        • Create custom objects
        • Add custom properties
      • One-to-many relationships
      • Read and write data
      • Making a Request
      • Handling responses
      • Authentication
      • Two-factor authentication
      • Set third-party cookies
      • Connections
      • Upload files
      • Cortex iOS
      • Get started with Swift
      • Cortex service accounts
      • Cortex developer tools
      • Automated Account Notifications
  • Cortex API
    • Overview
    • Objects
      • Objects Overview
      • Organization
      • Account
      • Connections
      • Notifications
      • Stats
      • Logs
      • Export
      • Events
      • Room
    • Object Definition
      • Object Properties
        • Any
        • Binary
        • Boolean
        • Date
        • Document
        • File
        • Geometry
        • List
        • Number
        • ObjectId
        • Reference
        • String
    • Object Types
    • Access Control
    • Querying
      • Query Operators
      • Property Selection
      • Property Access
    • Aggregating
      • Aggregation Operators
    • Scripting
      • Script Types
      • Script Limits
      • ObjectId
      • CortexObject
        • Accounts
        • Views
      • Cursors
      • Operations
      • Script Modules
        • API Module
        • Base64 Module
        • Cache Module
        • Connections Module
        • Console Module
        • Consts Module
        • Counters Module
        • Crypto Module
        • HTTP Module
        • Logger Module
        • Notifications Module
        • Request Module
        • Response Module
        • SAML Module
        • Schemas Modules
        • Script Module
        • Session Module
        • Util.id Module
        • Util.ip Module
        • Util.paths Module
        • XML Module
        • Developer
        • Config
        • Renderer
        • SFTP
        • FTP
        • DB
          • Cursors
          • Driver
      • Static Methods
        • Accounts
        • Views
        • Cursors
      • Audit
      • Environments
      • HTTP Driver
      • Notifications
        • Firebase Cloud Messaging (FCM)
        • Tencent Push Notification Service Configuration
      • Televisit
      • Transforms
      • Localization
      • Available Javascript Libraries
    • Decorators
      • Runtime
        • Acl
        • As
        • Log
        • Profile
      • Static
        • Env
        • Job
        • Object
        • On
        • Policy
        • Route
        • Transform
        • Trigger
    • Expressions
      • Primer
      • Pipelines
      • Operators
      • Accumulators
      • Variables
      • Conditionals
      • Transforms
      • Triggers
      • On
      • Events
    • Faults
      • Fault Reference
  • Releases
    • Cortex Release Notes
      • Cortex API 2.28.3 (R3.4.6)
      • Cortex API 2.28.1 (R3.4.3)
      • Cortex API 2.27.2 (R3.4.1)
      • Cortex API 2.27.1 (R3.3.5)
      • SQL DB Connector 1.3.4 (R3.3.3)
      • Cortex API 2.26.2 (R3.3.1)
      • Cortex API 2.26.1 (R3.2.2)
      • Cortex API 2.26.0 (R3.2.1)
      • SQL DB Connector 1.3.3
      • Cortex API 2.25.0 (R3.1.1)
      • SQL DB Connector 1.3.2 (R3.1.0)
      • Cortex API 2.24.2 (R3.0.2)
      • SQL DB Connector 1.3.1 (R3.0.0)
      • Cortex API 2.24.1 (R2.3.3)
      • Cortex API 2.24.0 (R2.3.2)
      • SQL DB Connector 1.3.0 (R2.3.0)
      • Cortex API 2.23.0 (R2.2.4)
      • SQL DB Connector 1.2.0 (R2.2.0)
      • Cortex API 2.22.2 (R2.1.2)
      • Cortex API 2.22.1 and SQL DB Connector 1.1.1 (R2.0.1)
      • Cortex API 2.22.0
      • Cortex API 2.21.3
      • Cortex API 2.21.2
      • Cortex Web 4.16.0
      • Cortex Web 4.15.1
      • Cortex API 2.20.1
      • Cortex Web 4.14.0
      • Cortex Renderer 1.3.3
      • Cortex API 2.19.4
      • Cortex API 2.19.3 and Cortex Web 4.13.1
      • Cortex Renderer 1.3.2
      • Cortex API 2.19.1
      • Cortex API 2.18.0
      • Cortex API 2.17.6
      • Cortex API 2.17.5
      • Cortex API 2.17.4
      • Cortex API 2.17.3
      • Cortex API 2.17.2
      • Cortex API 2.17.1
      • Cortex API 2.16.0
      • Cortex API 2.15.9
      • Cortex API 2.15.8-1
      • Cortex 2.15.8
      • Cortex API 2.18.1
      • Cortex API 2.16.1
      • Cortex Renderer 1.3.1
      • Cortex Renderer 1.3.0
      • Cortex Renderer 1.2.2
      • Cortex Renderer 1.2.1
      • Cortex Renderer 1.2.0
    • Third-Party License Attribution

© 2025 Medable, Inc. All rights reserved.

On this page
  • @policy(options)
  • Method Options
  • Method Options (Transform Action)
  • Examples

Was this helpful?

  1. Cortex API
  2. Decorators
  3. Static

Policy

@policy({
  name: 'effective policy',
  action: 'Script',
  weight: 1
})
myPolicy({ runtime }) {

  return true

}

@policy(options)

Arguments

  • options { Object } Options object

    • name { String }

    • environment { String = "*" }

    • weight { Number = 0 }

    • action { String } Policy action (Script, Transform)

Method Options

  • methodOptions { Object } Options passed to the method

    • req { Object }

    • body { Object }

    • halt {Function} When called, haults the policy and exits the script

    • runtime { Object }

      • name { String }

      • environment { String = "*" }

      • weight { Number = 0 }

      • metadata { Object }

        • resource { String }

        • className { String }

        • methodName { String }

        • static { Boolean }

        • loc { Object }

          • line { String }

          • column { String }

Method Options (Transform Action)

  • methodOptions { Object } Options passed to the method

    • runtime { Object }

      • name { String }

      • environment { String = "*" }

      • weight { Number = 0 }

      • metadata { Object }

        • resource { String }

        • className { String }

        • methodName { String }

        • static { Boolean }

        • loc { Object }

          • line { String }

          • column { String }

Examples

const { policy, route, log, transform } = require('decorators'),
      { Transform } = require('runtime.transform')

class RoutePolicies {

  @policy
  static redirectPolicy = {
    name: 'c_redirect',
    priority: 1,
    methods: 'get',
    paths: '/routes/test-policy-redirect',
    action: 'Redirect',
    redirectUrl: '/routes/test-policy-after-redirect',
    weight: 1,
    trace: true
  }

  @log({ traceError: true })
  @route('POST test-route', { priority: 1 })
  testRoute({ body }) {
    return { text: 'Hi!', ...body() }
  }

  @log({ traceError: true })
  @route('GET test-route-halt', { priority: 1 })
  testHaltRoute() {
    return 'Hello!'
  }

  @log({ trace: true })
  @policy({ methods: ['post'], paths: '/routes/test-route', action: 'Script', trace: true, weight: 1 })
  testRoutePolicy({ body }) {
    if (body('end')) {
      return 'ended!'
    }
    if (body('end_throw')) {
      throw Fault.create('cortex.accessDenied.policy', { reason: 'Because!' })
    }
    if (body('end_response')) {
      return require('response').end()
    }
    body('param', 'this is a param from policy')
  }

  @log({ trace: true })
  @policy({ methods: ['get'], paths: '/routes/test-route-halt', priority: 1 })
  routeHaltPolicy({ halt }) {
    return halt()
  }

  @log({ trace: true })
  @policy({ methods: ['get'], paths: '/routes/test-route-halt' })
  routeHaltPolicy2({ halt }) {
    const res = require('response')
    res.setStatusCode(404)
    res.setHeader('Content-Type', 'application/json')
    res.end(JSON.stringify(new RangeError('no way, jesus maria!').toJSON()))
  }

  @route('GET get-all-accounts')
  getAllAccounts({ req, res, body, runtime }) {
    return org.objects.accounts.find().skipAcl(true).grant(8)
  }

  @policy
  static accountsTransform = {
    methods: ['get'], 
    paths: '/routes/get-all-accounts', 
    action: 'Transform', 
    priority: 999,
    transform: 'c_accounts_transform'
  }

}

@transform('c_accounts_transform')
class AccountsTransform extends Transform {

  each(object) {
    if (object.object === 'account' && object.email !== script.principal.email) {
      object.name.first = '*******'
      object.name.last = '*******'
    }
    return object
  }

}

Last updated 3 years ago

Was this helpful?