Create protected and user-roles restricted routes within iron-router.
For roles-restricted routes, please see meteor-roles
, you need to install meteor-roles
separately to use it.
This package supports protected
option defined in list below, ordered by prioritization:
Router.route()
[overrides all]RouteController.extend()
Router.configure()
[might be overridden by any above]
meteor add ostrio:iron-router-protected
Router.configure
, Router.route
, and RouteController
will use next properties:
authTemplate
{String} - Name of the template to render, when access is deniedauthRoute
{String} - Route where user will be redirected, when access is deniedauthCallback
{Function} - This function will be triggered on each route, with current route-object as a context and two arguments:accessGranted
{Boolean|null} -true
if access is grantederror
{Object|null} - Object witherror
andreason
properties, if access is deniederror
-401
or403
.401
when access denied as for unauthorized user ().403
when access denied by role (Not enough rights).
Note: Don't use authTemplate
and authRoute
at the same time. If authTemplate
and authRoute
is both presented - only authTemplate
will be used and rendered.
Create config:
Router.configure
authTemplate: 'loginForm' # Render login form
# authRoute: '/admin/login' # Redirect to login form
protected: true # Deny access for unauthorized users on all routes
allowAccess: ['admin'] # Restrict access by role on all routes
authCallback: (accessGranted, error)->
console.log accessGranted, error
layoutTemplate: '_layout'
notFoundTemplate: '_404'
loadingTemplate: 'loading'
roleGroup: Roles.GLOBAL_GROUP
Create protected route:
Router.route 'admin',
template: 'admin'
path: '/admin'
protected: true # Deny access for unauthorized users
allowAccess: ['admin'] # Restrict access by role
Override default options:
Router.route 'admin',
template: 'admin'
path: '/admin'
authTemplate: undefined # Do not render
authRoute: '/admin/login' # Redirect to login form
protected: true # Deny access for unauthorized users
If all routes is protected, give access to loginForm
:
Router.route 'loginForm',
template: 'loginForm'
path: '/admin/login'
protected: false # Allow access to this route
Options can be defined on controllers:
LocationController = RouteController.extend(protected: true)
Router.route 'locations',
controller: LocationController # Will be protected
Options on routes will override controller options:
Router.route 'location',
controller: 'LocationController'
protected: false # Won't be protected