Meteor Community Logo

Meteor Community

Packosphere

undefined's Avatar

ostrio:iron-router-protected

v1.1.5Published 10 years ago

This package has not had recent updates. Please investigate it's current state before committing to using it in your project.

Protected and restricted routes within iron-router

Create protected and user-roles restricted routes within iron-router. For roles-restricted routes, please see meteor-roles, you need to install meteor-roles separately to use it.

This package supports protected option defined in list below, ordered by prioritization:

  • Router.route() [overrides all]
  • RouteController.extend()
  • Router.configure() [might be overridden by any above]

Install:

meteor add ostrio:iron-router-protected

Demo app

API:

Router.configure, Router.route, and RouteController will use next properties:

  • protected {Boolean} - Make route explicitly protected for all unauthorized users
  • authTemplate {String} - Name of the template to render, when access is denied
  • authRoute {String} - Route where user will be redirected, when access is denied
  • allowedRoles {[String]} - Array of roles, which have access to route
  • allowedGroup {String} - Name of the role-group, which have access to route. Note: use only with allowedRoles property, if allowedRoles is not defined check by allowedGroup will be omitted
  • authCallback {Function} - This function will be triggered on each route, with current route-object as a context and two arguments:
    • error {Object|null} - Object with error and reason properties, if access is denied
      • error - 401 or 403. 401 when access denied as for unauthorized user (Unauthorized. Permission denied). 403 when access denied by role (Forbidden. Not enough rights).
    • isGranted {Boolean|null} - true if access is granted
    • return false to prevent further code execution and rendering
    • return true to continue default behavior

Note: Don't use authTemplate and authRoute at the same time. If authTemplate and authRoute is both presented - only authTemplate will be used and rendered.

Usage:

Create config:

1Router.configure({
2  // Render login form
3  authTemplate: 'loginForm',
4  // Redirect to login form, by exact route or route-name
5  authRoute: '/admin/login',
6  // Deny access for unauthorized users on all routes
7  "protected": true,
8  // Restrict access by array of roles on all routes
9  allowedRoles: ['admin'],
10  // Restrict access by role and role-group. 
11  // Use only with `allowedRoles` property, otherwise check on group is omitted
12  allowedGroup: Roles.GLOBAL_GROUP,
13  // This callback triggered each time when access is granted or forbidden for user
14  authCallback: function(error, isGranted) {
15    return console.log(error, isGranted);
16  },
17
18  // Common options:
19  layoutTemplate: '_layout',
20  notFoundTemplate: '_404',
21  loadingTemplate: 'loading'
22});

Create protected route:

1Router.route('admin', {
2  template: 'admin',
3  path: '/admin',
4  "protected": true, // Deny access for unauthorized users
5  allowedRoles: ['admin'] // Restrict access by role
6});

Override default options:

1Router.route('admin', {
2  template: 'admin',
3  path: '/admin',
4  authTemplate: null, // Do not render
5  authRoute: '/admin/login', // Redirect to login form
6  "protected": true // Deny access for unauthorized users
7});

If all routes is protected, give access to loginForm:

1Router.route('loginForm', {
2  template: 'loginForm',
3  path: '/admin/login',
4  "protected": false // Allow access to this route for anyone
5});

Options can be defined on controllers:

1var LocationController = RouteController.extend({
2  "protected": true
3});
4
5Router.route('locations', {
6  controller: LocationController // Will be protected
7});

Options on routes will override controller options:

1Router.route('location', {
2  controller: 'LocationController',
3  "protected": false // Won't be protected
4});