So, I was in need of a piece of code that would prevent anyone from deleting anything in my SailsJS api.

Sails is so super simple that you would expect something like that in the blueprint configuration, but thats unfortunately not correct. However, of course this is possible;

Its in fact very simple, in the main API folder create a folder called “blueprints”. In it, place a file called destroy.js. All calls to the function destroy (which is hooked by Sails for every DELETE verb request), will now use whatever code is in this file before executing something else.

Put in this file the following code to send a 403 status with the message “Not Allowed” and no one will be able to delete anything from your API anymore.

/**
 * destroyAction
 *
 * @author :: Chilion Snoek <c.snoek@texemus.nl>
 * @description :: Prevent anyone from deleting anything
 */

module.exports = function(req, res) {
    res.status(403)
    return res.send("Not allowed");
};

Of course you can do this for other requests, here are the file names you can use.

add.js
create.js
destroy.js
find.js
findOne.js
populate.js
remove.js
update.js

You can check this out at Github