Skip to content
This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

Access Control implementation #848

Open
danielesalvatore opened this issue Mar 6, 2015 · 0 comments
Open

Access Control implementation #848

danielesalvatore opened this issue Mar 6, 2015 · 0 comments

Comments

@danielesalvatore
Copy link

Hello there,

I would like to implement a basic access control system using the beforeAction() method of controllers.

Given this scenario:

ChaplinJS 1.0.1

Pages:
index.html (public)
index.html#private (private)

Routes
match('', 'index#show');
match('private', 'private#show');

private-controller.js inherits from a parent controller as it happens in https://github.com/chaplinjs/chaplin-boilerplate-plain.
the beforeAction() method of the private-controller.js is implemented as a JS promise using the RSVP.js library and it is correctly resolved.

How can I stop the show() method call if the promise is rejected?
On my reject function a redirectTo() is called to bring back the user to the index.

Another issue is that the redirectTo() seems to work just during the first time it is called, so if I type #private on the URL the page is displayed with no consideration of the rejection of the control check and the redirectTo() call.

In case there is some reference about how to implement an access control system with ChaplinJS could you link it as reply?

Here is the code in which the promise always rejects, like if the user has not the rights to see its content.

var privateController = Controller.extend({

    beforeAction: function () {

        Controller.prototype.beforeAction.apply(this, arguments);

        return this.performAccessControlChecks().then(
            _.bind(this.allowAccessControl, this), _.bind(this.denyAccessControl, this))
    },

     performAccessControlChecks: function () {

        return new RSVP.Promise(function (fulfilled, rejected) {

            rejected();
            return;

            //not reachable
            fulfilled();
        });
    }

    allowAccessControl: function () {
        console.log("private#allowAccessControl")
    },

    denyAccessControl: function () {
        console.log("private#denyAccessControl")
        Chaplin.utils.redirectTo('index#show')
     },

    show: function (params, route, options) {
        console.log("private#show")

        this.view = new View({
           ...
        });
    },
    ...
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant