Policies are relatively simple functions, that sit between a request, and a controller. They are responsible for end-point security, and determine if a request should continue to a controller.
To configure a policy to run before a controller, you edit config/policies.js.
See: https://sailsjs.com/documentation/concepts/policies