Saturday, 30 May 2015

Handling access control in ember routing

I have two routes in this app that are backed by models that have access control logic on the rails side. So when they first load into the application, they've got an isUnlocked property that I check after the model loads. If the property is not unlocked, the route should redirect.

So if my router is something like:

this.route('thing', { path: 'thing/:thing_id' }, function() {
  this.route('resource', { path: 'resource/:resource_id' });
});

And my "resource" route extends something like this:

import AuthenticatedRoute from 'doki/routes/authenticated';

export default AuthenticatedRoute.extend({

  requireDean: false,

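  activate() {
    // forward the hook's arguments to the parent route
    this._super(...arguments);
    this.checkAccess();
  },

  afterModel() {
    // afterModel receives (model, transition); pass them on to the parent
    this._super(...arguments);
    this.checkAccess();
  },

  resetController() {
    this._super(...arguments);
    this.checkAccess();
  },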

  checkAccess() {
    // here is where I'll check the model's isUnlocked property and 
    // redirect if it's false or not set
    console.log('checkAccess');
  }

});

When I enter /thing/1/resource/1, the model for resource=1 is loaded by the ThingResourceRoute, but if resource=2 is already loaded in the store and I click over to /thing/1/resource/2, activate doesn't fire, setupController doesn't fire, etc., so I'm not sure where to do the checkAccess() test.

What's the best place to check the isUnlocked property whenever the URL changes, given that "activate", "resetController", et al. don't fire when the URL changes to the same route but a different item that has a different isUnlocked property?

Is there a hook that I can implement that will always be called? Putting an access check in renderTemplate seems like it'd work, but that doesn't seem like the right place.

Should I just invalidate the model after updating the model via an API call? If I set isUnlocked to true locally (and don't persist the model via the API), where would I add the check for that in the route/controller chain that it would always check every time it tries to "access" that model?



