Meteor Community Logo

Meteor Community

Packosphere

undefined's Avatar

ostrio:iron-router-protected

v1.0.2Published 9 years ago

This package has not had recent updates. Please investigate it's current state before committing to using it in your project.

Protected and restricted routes within iron-router

Create protected and user-roles restricted routes within iron-router. For roles-restricted routes, please see meteor-roles, you need to install meteor-roles separately to use it.

Install:

meteor add ostrio:iron-router-protected

API:

Router.configure and Router.route will use next properties:

  • authTemplate {String} - Name of the template to render, when access is denied
  • authRoute {String} - Route where user will be redirected, when access is denied
  • authCallback {Function} - This function will be triggered on each route, with current route-object as a context and two arguments:
    • accessGranted {Boolean|null} - true if access is granted
    • error {Object|null} - Object with error and reason properties, if access is denied
      • error - 401 or 403. 401 when access denied as for unauthorized user (). 403 when access denied by role (Not enough rights).

Note: Don't use authTemplate and authRoute at the same time. If authTemplate and authRoute is both presented - only authTemplate will be used and rendered.

Usage:

Create config:

1Router.configure
2  authTemplate: 'loginForm' # Render login form
3  # authRoute: '/admin/login' # Redirect to login form
4  protected: true # Deny access for unauthorized users on all routes
5  allowAccess: ['admin'] # Restrict access by role on all routes
6  authCallback: (accessGranted, error)->
7    console.log accessGranted, error
8  layoutTemplate: '_layout'
9  notFoundTemplate: '_404'
10  loadingTemplate: 'loading'

Create protected route:

1Router.route 'admin',
2  template: 'admin'
3  path: '/admin'
4  protected: true # Deny access for unauthorized users
5  allowAccess: ['admin'] # Restrict access by role

Override default options:

1Router.route 'admin',
2  template: 'admin'
3  path: '/admin'
4  authTemplate: undefined # Do not render
5  authRoute: '/admin/login' # Redirect to login form
6  protected: true # Deny access for unauthorized users

If all routes is protected, give access to loginForm:

1Router.route 'loginForm',
2  template: 'loginForm'
3  path: '/admin/login'
4  protected: false # Allow access to this route