Meteor Community Logo

Meteor Community

Packosphere

undefined's Avatar

ostrio:iron-router-protected

v1.1.1Published 10 years ago

This package has not had recent updates. Please investigate it's current state before committing to using it in your project.

Protected and restricted routes within iron-router

Create protected and user-roles restricted routes within iron-router. For roles-restricted routes, please see meteor-roles, you need to install meteor-roles separately to use it.

This package supports protected option defined in list below, ordered by prioritization:

  • Router.route() [overrides all]
  • RouteController.extend()
  • Router.configure() [might be overridden by any above]

Install:

meteor add ostrio:iron-router-protected

API:

Router.configure, Router.route, and RouteController will use next properties:

  • authTemplate {String} - Name of the template to render, when access is denied
  • authRoute {String} - Route where user will be redirected, when access is denied
  • authCallback {Function} - This function will be triggered on each route, with current route-object as a context and two arguments:
    • accessGranted {Boolean|null} - true if access is granted
    • error {Object|null} - Object with error and reason properties, if access is denied
      • error - 401 or 403. 401 when access denied as for unauthorized user (). 403 when access denied by role (Not enough rights).

Note: Don't use authTemplate and authRoute at the same time. If authTemplate and authRoute is both presented - only authTemplate will be used and rendered.

Usage:

Create config:

1Router.configure
2  authTemplate: 'loginForm' # Render login form
3  # authRoute: '/admin/login' # Redirect to login form
4  protected: true # Deny access for unauthorized users on all routes
5  allowAccess: ['admin'] # Restrict access by role on all routes
6  authCallback: (accessGranted, error)->
7    console.log accessGranted, error
8  layoutTemplate: '_layout'
9  notFoundTemplate: '_404'
10  loadingTemplate: 'loading'

Create protected route:

1Router.route 'admin',
2  template: 'admin'
3  path: '/admin'
4  protected: true # Deny access for unauthorized users
5  allowAccess: ['admin'] # Restrict access by role

Override default options:

1Router.route 'admin',
2  template: 'admin'
3  path: '/admin'
4  authTemplate: undefined # Do not render
5  authRoute: '/admin/login' # Redirect to login form
6  protected: true # Deny access for unauthorized users

If all routes is protected, give access to loginForm:

1Router.route 'loginForm',
2  template: 'loginForm'
3  path: '/admin/login'
4  protected: false # Allow access to this route

Options can be defined on controllers:

1LocationController = RouteController.extend(protected: true)
2Router.route 'locations',
3  controller: LocationController # Will be protected

Options on routes will override controller options:

1Router.route 'location',
2  controller: 'LocationController'
3  protected: false # Won't be protected