I'm writing a a meteor application right now, and am getting used to the new Iron Router package (as opposed to the router package that I used before).
I have a collection of routes that should only be accessible by users with specific properties. To be specific, I'm using the Roles package. My way of achieving this at the moment is to define a before function that runs a conditional, and redirects to a login or error page if the user doesn't have the proper role. Here's just a quick (coffeescript) example:
this.route 'home',
path: '/'
template: 'dashboard'
before: ->
unless Meteor.userId()
this.redirect 'userUnauthorized'
do this.stop
My question is, is there a better way to do this? It seems like there should be some way to add a permission set, and apply that permission set to a route as opposed to writing the access conditionals for every route.
You could setup a global "Before" in your routes. I'm not using roles in my current app, but we are redirect users globally based on whether or not they are signed in.
You could probably do something like this:
Router.before(function() {
unless(Meteor.userId()) {
this.redirect('userUnauthorized');
do (this.stop)
}
}, {except: ['userUnauthorized', 'otherPageUnauthorizedUsersAllowedToSee']});
We use something similar right below our Router.configure()
来源:https://stackoverflow.com/questions/19984651/iron-router-route-allow-deny