Meteor Community Logo

Meteor Community

Packosphere

undefined's Avatar

ostrio:iron-router-protected

v1.1.3Published 9 years ago

This package has not had recent updates. Please investigate it's current state before committing to using it in your project.

Protected and restricted routes within iron-router

Create protected and user-roles restricted routes within iron-router. For roles-restricted routes, please see meteor-roles, you need to install meteor-roles separately to use it.

This package supports protected option defined in list below, ordered by prioritization:

  • Router.route() [overrides all]
  • RouteController.extend()
  • Router.configure() [might be overridden by any above]

Install:

meteor add ostrio:iron-router-protected

Demo app

API:

Router.configure, Router.route, and RouteController will use next properties:

  • protected {Boolean} - Make route explicitly protected for all unauthorized users
  • authTemplate {String} - Name of the template to render, when access is denied
  • authRoute {String} - Route where user will be redirected, when access is denied
  • allowedRoles {[String]} - Array of roles, which have access to route
  • allowedGroup {String} - Name of the role-group, which have access to route. Note: use only with allowedRoles property, if allowedRoles is not defined check by allowedGroup will be omitted
  • authCallback {Function} - This function will be triggered on each route, with current route-object as a context and two arguments:
    • error {Object|null} - Object with error and reason properties, if access is denied
      • error - 401 or 403. 401 when access denied as for unauthorized user (Unauthorized. Permission denied). 403 when access denied by role (Forbidden. Not enough rights).
    • isGranted {Boolean|null} - true if access is granted
    • return false to prevent further code execution and rendering
    • return true to continue default behavior

Note: Don't use authTemplate and authRoute at the same time. If authTemplate and authRoute is both presented - only authTemplate will be used and rendered.

Usage:

Create config:

1Router.configure
2  # Render login form
3  authTemplate: 'loginForm' 
4  # Redirect to login form, by exact route or route-name
5  authRoute:  '/admin/login' 
6  # Deny access for unauthorized users on all routes
7  protected:    true 
8  # Restrict access by array of roles on all routes
9  allowedRoles: ['admin'] 
10  # Restrict access by role and role-group. 
11  # Use only with `allowedRoles` property, otherwise check on group is omitted
12  allowedGroup: Roles.GLOBAL_GROUP 
13  # This callback triggered each time when access is granted or forbidden for user
14  authCallback: (error, isGranted)->
15    console.log error, isGranted
16
17  # Common options:
18  layoutTemplate: '_layout'
19  notFoundTemplate: '_404'
20  loadingTemplate: 'loading'

Create protected route:

1Router.route 'admin',
2  template: 'admin'
3  path: '/admin'
4  protected: true # Deny access for unauthorized users
5  allowedRoles: ['admin'] # Restrict access by role

Override default options:

1Router.route 'admin',
2  template: 'admin'
3  path: '/admin'
4  authTemplate: undefined # Do not render
5  authRoute: '/admin/login' # Redirect to login form
6  protected: true # Deny access for unauthorized users

If all routes is protected, give access to loginForm:

1Router.route 'loginForm',
2  template: 'loginForm'
3  path: '/admin/login'
4  protected: false # Allow access to this route

Options can be defined on controllers:

1LocationController = RouteController.extend(protected: true)
2Router.route 'locations',
3  controller: LocationController # Will be protected

Options on routes will override controller options:

1Router.route 'location',
2  controller: 'LocationController'
3  protected: false # Won't be protected