Making Authlogic with FlowRouter and Roles


#1

Hi guys. I want to make some private routes depending on what role a logged user has, but I found a problem. When I reload the page, while I’m logged in and in the right authenticated route, it redirects me to another page (/not-found). Here’s my example code:

const publicRoutes = FlowRouter.group({ name: 'public' });

const loggedRoutes = publicRoutes.group({
  name: 'logged-group',
  triggersEnter: [(context, redirect) => {
    if (!Meteor.loggingIn() && !Meteor.userId()) {
      console.log('NOT AUTHENTICATED');
      redirect('/');
    }
  }],
});

const adminGroup = loggedRoutes.group({
  prefix: '/admin',
  name: 'admin-group',
  triggersEnter: [(context, redirect) => {
    Tracker.autorun(() => {
      if (!Roles.userIsInRole(Meteor.userId(), ['blogAdmin'])) {
        redirect('/not-found');
      }
    });
  }],
});

#2

Assuming with FlowRouter you are using Blaze.

I find doing your auth check in the template is reliable:

{{#if currentUser}}
    {{#if authorizationHelper userID authorizationLevel}}
        {{> authorized_template}}
    {{else}}
        {{> not_authorized_template}}
    {{/if}}
{{else}}
    {{> not_logged_in_template}}
{{/if}}

Though I would welcome feedback on this.


#3

I thought about using that, but… if I want to use it on N pages, I need to replicate this pattern instead of using it at the router level. Is there any option to make this reusable?


#4

Yes, in your main template file:

      {{#if loggingIn}}
        {{>Loading}}
      {{else}}
        {{#if currentUser}}
          {{> Template.dynamic template=main}}
        {{else}}
          {{>Signup}}
        {{/if}}
      {{/if}}

Then just check for auth in specific template files.


#5

For me this can’t be possible, since I have a main template (or main layout) that englobes all templates, with authentication and without authentication. With your solution, I’ll need to make one layout for each logged and not logged routes…right?


#6

I think you all are introducing a big amount of complexity.

  1. You should do these checks in pubs and methods also. So even if the user gets to the template, he can do sh!t.
  2. As soon as the user enters, you check the auth level.
  3. Redirect the user when he logs out.
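
The point in post #6 about enforcing the check in publications and methods, shown as an added example that is not part of the original thread: reusable wrappers that apply the `blogAdmin` role check on the server, so the route trigger is only a convenience. The `deps` stand-ins, `deletePost`, `adminPosts` and `callAs` are hypothetical names used so the block runs outside Meteor.

```javascript
// `deps` is injected so this runs in plain Node; in a Meteor app pass
// { userIsInRole: (id, r) => Roles.userIsInRole(id, r),
//   makeError: (c, m) => new Meteor.Error(c, m) }.
// Wrap a method body: throws unless this.userId holds one of `roles`.
function guardMethod(roles, deps, body) {
  return function (...args) {
    if (!this.userId) throw deps.makeError('not-logged-in', 'Login required');
    if (!deps.userIsInRole(this.userId, roles)) {
      throw deps.makeError('not-authorized', 'Missing role');
    }
    return body.apply(this, args);
  };
}

// Wrap a publish function: unauthorized subscribers get an empty, ready set.
function guardPublication(roles, deps, body) {
  return function (...args) {
    if (!this.userId || !deps.userIsInRole(this.userId, roles)) {
      return this.ready();
    }
    return body.apply(this, args);
  };
}

// Constructed stand-ins for Roles and Meteor.Error (sample data only).
const sampleRoles = { u1: ['blogAdmin'], u2: ['reader'] };
const fakeDeps = {
  userIsInRole: (userId, roles) =>
    (sampleRoles[userId] || []).some((r) => roles.includes(r)),
  makeError: (code, reason) => Object.assign(new Error(reason), { error: code }),
};

// Hypothetical method and publication bodies, for illustration.
const deletePost = guardMethod(['blogAdmin'], fakeDeps, (id) => `deleted ${id}`);
const adminPosts = guardPublication(['blogAdmin'], fakeDeps, () => ['post-1', 'post-2']);

// Simulate the context Meteor supplies (`this.userId`, `this.ready`).
function callAs(fn, userId, ...args) {
  const ctx = { userId, ready: () => [] };
  try {
    return { result: fn.apply(ctx, args) };
  } catch (e) {
    return { error: e.error };
  }
}

console.log(callAs(deletePost, 'u1', 'p9')); // blogAdmin: method runs
console.log(callAs(deletePost, 'u2', 'p9')); // other role: rejected
console.log(callAs(adminPosts, null));       // anonymous: empty set
```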

#7

Actually that’s more complexity than just “see if you can go to this route before you can subscribe or render data”. Ofc I need to do those checks in pubs and methods, but actually, I just need to check if a logged user can “see” a determined route or “it doesn’t exist” for that user…


#8

I don’t really understand the structure of your application - but if you can’t restructure your templates, what’s the point in having them?


#9

I can restructure them. But the only thing that changes between 2 or more layouts for this purpose is the authentication logic, so it seems to me to be re-doing the same view for one simple change :confused: (same menu, same sidebar, same footer, different authentication logic)


#10

I’d be interested to see the structure of your templates. I think you might be over complicating it.