0
votes

How should I construct the Router for an Application with customer login?

The application requires login to access the following routes: Books, Book, Chapters, ChapterCategory, Chapter.

The routes About and Home do not require the user to be logged in.

App.Router.map(function() {
  this.resource('application', function() {
    this.resource('home');
    this.resource('books');
    this.resource('book', {path: '/:book_id'});
    this.resource('chapters');
    this.resource('chapterCategory', {path: 'chapter/:chapter_type'});
    this.resource('chapter', {path: '/:chapter_id'}); 
    this.resource('about', {path: '/aboutus' });
  });
  this.route('catchall', {path: '/*wildcard'});
});

When the user is logged in, his name is added to the right of the main menu, which is implemented in the Application template. Hence, the Application route is extracting the user information. If the user is not logged in, the application model does not return anything.

Questions:

  1. Are there any special considerations to be aware of when defining a model in the Application route?

  2. How could the application template, where the customer name is displayed in the navigation menu, be updated if the application route does not try to extract the user information?

  3. How do you implement user login in your own Ember applications? Do you create a User route and nest the routes requiring login under it?

Thanks


1 Answer

1
votes

I would recommend reading Authentication with EmberJS, or looking at the Ember Torii and Ember Simple Auth add-ons.

To answer your questions:

  1. Doing auth properly, you will have a session object injected into your routes and controllers.
  2. You will have a session object which your views can use.
  3. You could keep it simple and just implement a top level login route, but your route path could be '/user/login' if you really want that.

After using Ember Simple Auth through a number of versions, I would be inclined to implement auth from scratch as per the article, as you end up with far less runtime code, you have full control, you can support multiple sessions to different API endpoints (e.g. third-party services) if required, and less fighting if you want to support privilege escalation for sensitive/high-value/high-risk operations, depending on your application requirements.
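
The session-object pattern the answer describes, applied to the routes in the question, as an added example that is not part of the original answer and does not use Ember's API. It is a framework-free sketch; `PUBLIC_ROUTES`, `createSession`, `guard`, `afterLogin` and `menuLabel` are hypothetical names, and the default post-login route `books` is an assumption.

```javascript
// Default-deny: any route not listed here requires login, so a route added
// later is protected unless it is deliberately made public.
const PUBLIC_ROUTES = new Set(['home', 'about', 'login']);

// One session object shared by every route and by the application template
// (the role played by the injected session in the answer).
function createSession() {
  return {
    user: null,
    attempted: null, // route the visitor wanted before being sent to login
    get isAuthenticated() { return this.user !== null; },
    login(user) { this.user = user; },
    logout() { this.user = null; this.attempted = null; }
  };
}

// Runs before a route loads its model; returns the route to actually enter.
function guard(session, target) {
  if (PUBLIC_ROUTES.has(target) || session.isAuthenticated) return target;
  session.attempted = target; // remember it so login can resume the transition
  return 'login';
}

// After a successful login, resume the saved transition (assumed default: books).
function afterLogin(session, user) {
  session.login(user);
  const next = session.attempted || 'books';
  session.attempted = null;
  return next;
}

// What the application template shows in the main menu. It reads the session,
// so the application route needs no user model of its own.
function menuLabel(session) {
  return session.isAuthenticated ? session.user.name : 'Log in';
}
```

A guard like this only controls navigation in the browser. The API behind Books and Chapters still has to check the session on every request.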