CODEWITHSUNDEEP
mongodbmeteoriron-router
Sarkis Arutiunian
Sarkis Arutiunian

Reputation: 1291

How do limiting access through a iron-router in meteor app?

i have routing file which lock like:

Router.map(function(){
    this.route('gameSmall', {path: '/'});
    this.route('gameMedium', {path: '/game-medium'});
    this.route('gameLarge', {path: '/game-large'});
});

etc.

if i want to limiting access to some of path (only for some user who has password), can i configure it in router file? or only through native js in template?

Upvotes: 1

Views: 75

Answers (1)

Jos Harink
Jos Harink

Reputation: 358

Iron Router does not support limiting access by a configuration file. Instead you define access in your js source. You can limit access to routes globally and per route. Both use the onBeforeAction event to evaluate access to the route(s). onBeforeAction accepts a callback function where you write your access rule.

A global onBeforeAction event might look something like this:

Router.onBeforeAction(function() {
  if (!Meteor.isServer) {
      // Check the user. Whether logged in, but you could check user's roles as well.
      if (!Meteor.userId()) {
          this.render('pageNotFound'); // Current route cancelled -> render another page
      } else {
          this.next(); // Continue with the route -> will render the requested page
      }
  } 
}, 
{
    except: ['gameSmall']
});

Notice the except field in the second parameter. It contains an array of routes to be excluded from the onBeforeAction and therefore these are always rendered. There is also a field only which does the opposite, include routes to be evaluated by the onBeforeAction.

Also note that I used a template pageNotFound (404 page). You can define that page in IR's configuration like this:

Router.configure({
    notFoundTemplate: 'pageNotFound'
});

Upvotes: 1

Related Questions