Protected and restricted routes within iron-router
Create protected and user-roles restricted routes within iron-router.
For roles-restricted routes, please see meteor-roles
, you need to install meteor-roles
separately to use it.
This package supports protected
option defined in list below, ordered by prioritization:
Router.route()
[overrides all]RouteController.extend()
Router.configure()
[might be overridden by any above]
Install:
meteor add ostrio:iron-router-protected
Demo app
- Source
Live: http://iron-router-protected.meteor.com(We are looking for free hosting for this demo)
API:
Router.configure
, Router.route
, and RouteController
will use next properties:
protected
{Boolean} - Make route explicitly protected for all unauthorized usersauthTemplate
{String} - Name of the template to render, when access is deniedauthRoute
{String} - Route where user will be redirected, when access is deniedallowedRoles
{[String]} - Array of roles, which have access to routeallowedGroup
{String} - Name of the role-group, which have access to route. Note: use only withallowedRoles
property, ifallowedRoles
is not defined check byallowedGroup
will be omittedauthCallback
{Function} - This function will be triggered on each route, with current route-object as a context and two arguments:error
{Object|null} - Object witherror
andreason
properties, if access is deniederror
-401
or403
.401
when access denied as for unauthorized user (Unauthorized. Permission denied).403
when access denied by role (Forbidden. Not enough rights).
isGranted
{Boolean|null} -true
if access is granted- return
false
to prevent further code execution and rendering - return
true
to continue default behavior
Note: Don't use authTemplate
and authRoute
at the same time. If authTemplate
and authRoute
is both presented - only authTemplate
will be used and rendered.
Usage:
Create config:
1Router.configure({ 2 // Render login form 3 authTemplate: 'loginForm', 4 // Redirect to login form, by exact route or route-name 5 authRoute: '/admin/login', 6 // Deny access for unauthorized users on all routes 7 "protected": true, 8 // Restrict access by array of roles on all routes 9 allowedRoles: ['admin'], 10 // Restrict access by role and role-group. 11 // Use only with `allowedRoles` property, otherwise check on group is omitted 12 allowedGroup: Roles.GLOBAL_GROUP, 13 // This callback triggered each time when access is granted or forbidden for user 14 authCallback: function(error, isGranted) { 15 return console.log(error, isGranted); 16 }, 17 18 // Common options: 19 layoutTemplate: '_layout', 20 notFoundTemplate: '_404', 21 loadingTemplate: 'loading' 22});
Create protected route:
1Router.route('admin', { 2 template: 'admin', 3 path: '/admin', 4 "protected": true, // Deny access for unauthorized users 5 allowedRoles: ['admin'] // Restrict access by role 6});
Override default options:
1Router.route('admin', { 2 template: 'admin', 3 path: '/admin', 4 authTemplate: null, // Do not render 5 authRoute: '/admin/login', // Redirect to login form 6 "protected": true // Deny access for unauthorized users 7});
If all routes is protected, give access to loginForm
:
1Router.route('loginForm', { 2 template: 'loginForm', 3 path: '/admin/login', 4 "protected": false // Allow access to this route for anyone 5});
Options can be defined on controllers:
1var LocationController = RouteController.extend({ 2 "protected": true 3}); 4 5Router.route('locations', { 6 controller: LocationController // Will be protected 7});
Options on routes will override controller options:
1Router.route('location', { 2 controller: 'LocationController', 3 "protected": false // Won't be protected 4});