orneryd/gist:909fa5c66002d92f1506

## gistfile1.txt
define([
  'underscore',
  'marionette'
], function(_, Marionette) {
  'use strict';

  /**
   * SecureRouter
   *
   * This class is similar to the marionette Approuter except
   * that it verifies permissions before attempting to enter
   * into routes on the controller.
   *
   * This separates the security logic from the controller and provides
   * a syntax for us to configure SPA routes with security
   *
   * constructor options:
   * isAuthorized is for you to create your own validation logic,
   * return truthy for authorized, or falsy for unauthorized
   * isAuthorized: function(){return true;};
   *
   * secureRoutes: {
   *   '/secureRoute': {
   *     authorized: 'securedControllerMethod',
   *     unauthorized: 'unauthorizedHandlerOnController',
   *     permissions: String || String[] || {} whatever you want, gets passed to isAuthorized
   * }
   * */

  var SecureRouter = Marionette.AppRouter.extend({

    constructor: function(options) {

      Marionette.AppRouter.prototype.constructor.apply(this, arguments);

      this.options = options || {};
      this.isAuthorized = options.isAuthorized || function(){ return true; }

      var secureRoutes = Marionette.getOption(this, 'secureRoutes');
      var controller = this._getController();
      this.processSecureRoutes(controller, secureRoutes);
    },

    // Internal method to process the `secureRoutes` for the
    // router, and turn them in to routes that trigger the
    // specified method on the specified `controller`.
    processSecureRoutes: function(controller, secureRoutes) {
      if (!secureRoutes) {
        return;
      }

      var routeNames = _.keys(secureRoutes).reverse(); // Backbone requires reverted order of routes

      _.each(routeNames, function(route) {
        this._addSecureRoute(controller, route, secureRoutes[route]);
      }, this);
    },

    _addSecureRoute: function(controller, route, secureRoute) {
      var method = controller[secureRoute.authorized];
      var unauthorizedRoute = controller[secureRoute.unauthorized];

      if (!method) {
        throwError('Method "' + secureRoute.authorized + '" was not found on the controller');
      }

      this.route(route, secureRoute.authorized, _.bind(function() {
        if (this.isAuthorized(secureRoute.permissions)) {
          method.apply(controller, arguments);
        } else {
          if (unauthorizedRoute) unauthorizedRoute.apply(controller, arguments);
          console.log('unauthorized');
        }
      }, this));
    }
  });

  return SecureRouter;
});
	define([
	'underscore',
	'marionette'
	], function(_, Marionette) {
	'use strict';

	/**
	* SecureRouter
	*
	* This class is similar to the marionette Approuter except
	* that it verifies permissions before attempting to enter
	* into routes on the controller.
	*
	* This separates the security logic from the controller and provides
	* a syntax for us to configure SPA routes with security
	*
	* constructor options:
	* isAuthorized is for you to create your own validation logic,
	* return truthy for authorized, or falsy for unauthorized
	* isAuthorized: function(){return true;};
	*
	* secureRoutes: {
	* '/secureRoute': {
	* authorized: 'securedControllerMethod',
	* unauthorized: 'unauthorizedHandlerOnController',
	* permissions: String \|\| String[] \|\| {} whatever you want, gets passed to isAuthorized
	* }
	* */

	var SecureRouter = Marionette.AppRouter.extend({

	constructor: function(options) {

	Marionette.AppRouter.prototype.constructor.apply(this, arguments);

	this.options = options \|\| {};
	this.isAuthorized = options.isAuthorized \|\| function(){ return true; }

	var secureRoutes = Marionette.getOption(this, 'secureRoutes');
	var controller = this._getController();
	this.processSecureRoutes(controller, secureRoutes);
	},

	// Internal method to process the `secureRoutes` for the
	// router, and turn them in to routes that trigger the
	// specified method on the specified `controller`.
	processSecureRoutes: function(controller, secureRoutes) {
	if (!secureRoutes) {
	return;
	}

	var routeNames = _.keys(secureRoutes).reverse(); // Backbone requires reverted order of routes

	_.each(routeNames, function(route) {
	this._addSecureRoute(controller, route, secureRoutes[route]);
	}, this);
	},

	_addSecureRoute: function(controller, route, secureRoute) {
	var method = controller[secureRoute.authorized];
	var unauthorizedRoute = controller[secureRoute.unauthorized];

	if (!method) {
	throwError('Method "' + secureRoute.authorized + '" was not found on the controller');
	}

	this.route(route, secureRoute.authorized, _.bind(function() {
	if (this.isAuthorized(secureRoute.permissions)) {
	method.apply(controller, arguments);
	} else {
	if (unauthorizedRoute) unauthorizedRoute.apply(controller, arguments);
	console.log('unauthorized');
	}
	}, this));
	}
	});

	return SecureRouter;
	});