Meteor Community Logo

Meteor Community

Packosphere

undefined's Avatar

ostrio:iron-router-protected

v1.1.0Published 9 years ago

This package has not had recent updates. Please investigate it's current state before committing to using it in your project.

Protected and restricted routes within iron-router

Create protected and user-roles restricted routes within iron-router. For roles-restricted routes, please see meteor-roles, you need to install meteor-roles separately to use it.

This package supports protected option defined in, list ordered by prioritization:

  • Router.route() [overrides all]
  • RouteController.extend()
  • Router.configure() [might be overridden by any above]

Install:

meteor add ostrio:iron-router-protected

API:

Router.configure, Router.route, and RouteController will use next properties:

  • authTemplate {String} - Name of the template to render, when access is denied
  • authRoute {String} - Route where user will be redirected, when access is denied
  • authCallback {Function} - This function will be triggered on each route, with current route-object as a context and two arguments:
    • accessGranted {Boolean|null} - true if access is granted
    • error {Object|null} - Object with error and reason properties, if access is denied
      • error - 401 or 403. 401 when access denied as for unauthorized user (). 403 when access denied by role (Not enough rights).

Note: Don't use authTemplate and authRoute at the same time. If authTemplate and authRoute is both presented - only authTemplate will be used and rendered.

Usage:

Create config:

1Router.configure
2  authTemplate: 'loginForm' # Render login form
3  # authRoute: '/admin/login' # Redirect to login form
4  protected: true # Deny access for unauthorized users on all routes
5  allowAccess: ['admin'] # Restrict access by role on all routes
6  authCallback: (accessGranted, error)->
7    console.log accessGranted, error
8  layoutTemplate: '_layout'
9  notFoundTemplate: '_404'
10  loadingTemplate: 'loading'

Create protected route:

1Router.route 'admin',
2  template: 'admin'
3  path: '/admin'
4  protected: true # Deny access for unauthorized users
5  allowAccess: ['admin'] # Restrict access by role

Override default options:

1Router.route 'admin',
2  template: 'admin'
3  path: '/admin'
4  authTemplate: undefined # Do not render
5  authRoute: '/admin/login' # Redirect to login form
6  protected: true # Deny access for unauthorized users

If all routes is protected, give access to loginForm:

1Router.route 'loginForm',
2  template: 'loginForm'
3  path: '/admin/login'
4  protected: false # Allow access to this route

Options can be defined on controllers:

1LocationController = RouteController.extend(protected: true)
2Router.route 'locations',
3  controller: LocationController # Will be protected

Options on routes will override controller options:

1Router.route 'location',
2  controller: 'LocationController'
3  protected: false # Won't be protected