ember-unauthorized

Ember Mixins for handling unauthorized access to application content

Usage no npm install needed!

<script type="module">
  import emberUnauthorized from 'https://cdn.skypack.dev/ember-unauthorized';
</script>

README

Ember-Unauthorized

Build Status Ember Observer Score Dependency Status Code Climate Codacy Badge

Ember Mixins for handling unauthorized access to application content

View Demo

Usage

Ember-Unauthorized currently provides two mixins: access and route-access. The former provides the base implementation of this addon, with the latter providing route-specific code such as transitioning to an unauthorized route. The examples below will use the route-access mixin, but you can customize your experience by using access directly or creating more mixins for different scenarios. We welcome contributions if you think you have a common use-case!

With Feature Flags

This addon has been optimized for use with Ember-Feature-Flags:

// routes/user-list.js
import Ember from 'ember';
import RouteAccessMixin from 'ember-unauthorized/mixins/route-access';

export default Ember.Route.extend(RouteAccessMixin, {
    requiredFeatures: ['userList']
});

If you are using a customized key name to access your feature flags, import the mixin into your app and set featuresKey:

// mixins/route-access.js
import Ember from 'ember';
import RouteAccessMixin from 'ember-unauthorized/mixins/route-access';

export default Ember.Mixin.create(RouteAccessMixin, {
    featuresKey: 'featureFlags'
});

Then import RouteAccessMixin from 'my-app-name/mixins/route-access'; instead of taking it directly from the addon.

It is also easy to use other feature flag implementations. Simply override isFeatureDisabled:

// mixins/route-access.js
import Ember from 'ember';
import RouteAccessMixin from 'ember-unauthorized/mixins/route-access';

export default Ember.Mixin.create(RouteAccessMixin, {
    isFeatureDisabled(key) {
        return this.get('featureService').hasFeature(key); // Insert custom implementation here
    }
});

Custom Authorization

Sometimes access to routes isn't solely determined by feature flags, such as through user role access control. To address this, Ember-Unauthorized allows you to optionally implement an authorize method that returns true if the content is authorized for the user.

// route/admin.js
import Ember from 'ember';
import RouteAccessMixin from 'ember-unauthorized/mixins/route-access';

export default Ember.Route.extend(RouteAccessMixin, {
    authorize() {
        return this.get('user').isAdmin(); // Your custom authorization code
    }
});

Routes

The route-access mixin defines some default behavior for accessing unauthorized routes. When a user's authorization fails, the mixin will automatically transition them to the unauthorized route. If your application uses a different route for this behavior, it can be customized via unauthorizedRoute:

// route/foo.js
import Ember from 'ember';
import RouteAccessMixin from 'ember-unauthorized/mixins/route-access';

export default Ember.Route.extend(RouteAccessMixin, {
    requiredFeatures: ['foo'],
    unauthorizedRoute: 'error'
});

Furthermore, if you do not want a transition to take place or need to add additional behavior, override the unauthorized method:

// route/foo.js
import Ember from 'ember';
import RouteAccessMixin from 'ember-unauthorized/mixins/route-access';

export default Ember.Route.extend(RouteAccessMixin, {
    requiredFeatures: ['foo'],
    unauthorized() {
        this.notifications.send('You are not authorized to view this content'); // Custom behavior goes here
    }
});

Contributing

This section outlines the details of collaborating on this Ember addon.

Installation

  • git clone this repository
  • cd ember-unauthorized
  • npm install
  • bower install

Running The Demo Application

Running Tests

  • npm test (Runs ember try:each to test your addon against multiple Ember versions)
  • ember test
  • ember test --server

Building

  • ember build

For more information on using ember-cli, visit https://ember-cli.com/.