Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect in route on reload #38

Closed
floqqi opened this issue Mar 3, 2016 · 3 comments
Closed

Redirect in route on reload #38

floqqi opened this issue Mar 3, 2016 · 3 comments

Comments

@floqqi
Copy link

floqqi commented Mar 3, 2016

I'm using ember-simple-auth for authentication. Wanted to protect admin-routes.

Following the documentation, I have something like this:

// app/routes/super-protected-route.js

import Ember from 'ember';
import { CanMixin } from 'ember-can';
import AuthenticatedRouteMixin from 'ember-simple-auth/mixins/authenticated-route-mixin';

export default Ember.Route.extend(AuthenticatedRouteMixin, CanMixin, {
  beforeModel() {
    this._super(...arguments);
    if (!this.can('see super-protected-thing')) {
      return this.transitionTo('index');
    }
  },
});
// app/abilities/super-protected-thing.js

import Ember from 'ember';
import { Ability } from 'ember-can';

export default Ability.extend({
  user: Ember.computed('session.currentUser', function () {
    return this.get('session.currentUser');
  }).readOnly()

  canSee: Ember.computed('user.isAdmin', function () {
    return this.get('user.isAdmin');
  }),
});

User is loaded by the SessionService:

// app/services/session.js

import Ember from 'ember';
import SessionService from 'ember-simple-auth/services/session';

export default SessionService.extend({
  store: Ember.inject.service(),

  currentUser: Ember.computed('data.authenticated.user_id', function () {
    const userID = this.get('data.authenticated.user_id');
    return this.get('store').findRecord('user', userID);
  }).readOnly()
});

If the admin is logged in and refreshes the page he get's redirected to index because the currentUser is not loaded when the SuperProtectedRoute enters beforeModel().

How to fix this?
@ssulistyo
Copy link

we had a similar problem and fixed it among some other things by moving to afterModel
#37

@floqqi
Copy link
Author

floqqi commented Mar 6, 2016

Hm, that might work. I'm not sure I'm really comfortable with loading a model an user shouldn't have access to. I'll ditch deeper in this tomorrow and give some feedback. Thanks anyway, @ssulistyo!

@Exelord
Copy link
Collaborator

Exelord commented Apr 4, 2018

Thats easy :) Fetch the user before:

// app/routes/super-protected-route.js

import Ember from 'ember';
import { CanMixin } from 'ember-can';
import AuthenticatedRouteMixin from 'ember-simple-auth/mixins/authenticated-route-mixin';

export default Ember.Route.extend(AuthenticatedRouteMixin, CanMixin, {
  session: Ember.inject.service(),

  beforeModel() {
    this._super(...arguments);

    return this.get('service.currentUser').then(() => {
       if (!this.can('see super-protected-thing')) {
          return this.transitionTo('index');
      }
    });
  },
});

I'm closing it as it's not related to ember-can anymore, just to data management.

@Exelord Exelord closed this as completed Apr 4, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@floqqi @Exelord @ssulistyo