Access control implementation

Daniele Salvatore

Mar 6, 2015, 10:00:48 AM
to chapl...@googlegroups.com
Hello there,

I would like to implement a basic access control system using the beforeAction() method of controllers.

Given this scenario:

ChaplinJS 1.0.1

Pages:
index.html (public)
index.html#private (private)

Routes:
match('', 'index#show');
match('private', 'private#show');

private-controller.js inherits from a parent controller as it happens in https://github.com/chaplinjs/chaplin-boilerplate-plain.
The beforeAction() method of private-controller.js is implemented as a JS promise using the RSVP.js library, and it is correctly resolved.

How can I stop the show() method call if the promise is rejected?
In my reject function, redirectTo() is called to bring the user back to the index.

Another issue is that redirectTo() seems to work only the first time it is called, so if I type #private in the URL, the page is displayed regardless of the rejection of the control check and the redirectTo() call.

If there is a reference on how to implement an access control system with ChaplinJS, could you link it in a reply?

Here is the code, in which the promise always rejects, as if the user does not have the rights to see its content.

    var privateController = Controller.extend({

        beforeAction: function () {
            Controller.prototype.beforeAction.apply(this, arguments);

            // Return the promise produced by then()
            return this.performAccessControlChecks().then(
                _.bind(this.allowAccessControl, this),
                _.bind(this.denyAccessControl, this)
            );
        },

        performAccessControlChecks: function () {
            return new RSVP.Promise(function (fulfilled, rejected) {
                // Always reject, as if the user lacks the rights
                rejected();
                return;

                // not reachable
                fulfilled();
            });
        },

        allowAccessControl: function () {
            console.log("private#allowAccessControl");
        },

        denyAccessControl: function () {
            console.log("private#denyAccessControl");
            Chaplin.utils.redirectTo('index#show');
        },

        show: function (params, route, options) {
            console.log("private#show");

            this.view = new View({
                ...
            });
        },
        ...
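
The promise behaviour behind the question, as an added example that is not part of the original post and is not Chaplin's code: in a Promises/A+ chain, a rejection handler that returns normally turns the rejection into a fulfilment, so whatever waits on the promise returned by beforeAction() proceeds as if access had been granted. `dispatch()` is a hypothetical stand-in for a dispatcher that runs the action only when that promise fulfils, `checkAccess` and `makeController` are constructed names, and the native `Promise` stands in for RSVP.

```javascript
// Constructed check that always denies, like the rejected() call in the post.
const checkAccess = () => Promise.reject(new Error('not authorized'));

// Hypothetical dispatcher: waits on beforeAction() and runs show() only if
// the returned promise fulfils. Resolves to a log of what happened.
function dispatch(controller) {
  const log = [];
  return Promise.resolve(controller.beforeAction(log))
    .then(
      () => controller.show(log),          // promise fulfilled: action runs
      () => log.push('action skipped')     // promise rejected: action never runs
    )
    .then(() => log);
}

// Builds a controller whose denial handler is supplied by the caller.
function makeController(onDenied) {
  return {
    beforeAction(log) {
      return checkAccess().then(
        () => log.push('allow'),
        (err) => onDenied(err, log)
      );
    },
    show(log) {
      log.push('private#show');
    }
  };
}

// Fail-open: the handler records the denial (where the post calls
// redirectTo) and returns normally, so the promise from then() FULFILS.
const failOpen = makeController((err, log) => {
  log.push('deny+redirect');
});

// Fail-closed: same handler, but it re-throws, so the promise from then()
// stays rejected and the dispatcher never reaches show().
const failClosed = makeController((err, log) => {
  log.push('deny+redirect');
  throw err;
});

dispatch(failOpen).then((log) => console.log('fail-open:  ', log));
dispatch(failClosed).then((log) => console.log('fail-closed:', log));
```

A check like this only decides what the browser renders; the server still has to authorize every request for the data behind the private page.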
