permission protected routes

packages/rocketchat-authorization/package.js

@@ -10,6 +10,7 @@ Package.onUse(function(api) {
   api.versionsFrom('1.0');
   api.use([
     'coffeescript',
+    'underscore',
     'rocketchat:lib@0.0.1',
     'alanning:roles@1.2.12'
     ]);

packages/rocketchat-lib/client/lib/roomTypes.coffee

@@ -3,6 +3,16 @@ RocketChat.roomTypes = new class
 	roomTypes = {}
 	mainOrder = 1
 
+	protectedAction = (item) ->
+		if not item.permissions? or RocketChat.authz.hasAtLeastOnePermission item.permissions
+			return item.route.action
+
+		return ->
+			BlazeLayout.render 'main',
+				center: 'pageContainer'
+				pageTitle: t('Not_authorized')
+				pageTemplate: 'notAuthorized'
+
 	### Adds a room type to app
 	@param identifier An identifier to the room type. If a real room, MUST BE the same of `db.rocketchat_room.t` field, if not, can be null
 	@param order Order number of the type
@@ -34,7 +44,7 @@ RocketChat.roomTypes = new class
 		if config.route?.path? and config.route?.name? and config.route?.action?
 			FlowRouter.route config.route.path,
 				name: config.route.name
-				action: config.route.action
+				action: protectedAction config
 				triggersExit: [roomExit]
 
 	###

packages/rocketchat-ui/lib/accountBox.coffee

@@ -28,6 +28,16 @@
 		self.box = $(".account-box")
 		self.options = self.box.find(".options")
 
+	protectedAction = (item) ->
+		if not item.permissions? or RocketChat.authz.hasAllPermission item.permissions
+			return item.route.action
+
+		return ->
+			BlazeLayout.render 'main',
+				center: 'pageContainer'
+				pageTitle: t('Not_authorized')
+				pageTemplate: 'notAuthorized'
+
 	###
 	# @param newOption:
 	#   name: Button label
@@ -44,7 +54,7 @@
 			if newItem.route?.path? and newItem.route?.name? and newItem.route?.action?
 				FlowRouter.route newItem.route.path,
 					name: newItem.route.name
-					action: newItem.route.action
+					action: protectedAction newItem
 
 	getItems = ->
 		return _.filter items.get(), (item) ->

packages/rocketchat-ui/package.js

@@ -76,6 +76,7 @@ Package.onUse(function(api) {
 	api.addFiles('views/app/audioNotification.html', 'client');
 	api.addFiles('views/app/burguer.html', 'client');
 	api.addFiles('views/app/home.html', 'client');
+	api.addFiles('views/app/notAuthorized.html', 'client');
 	api.addFiles('views/app/pageContainer.html', 'client');
 	api.addFiles('views/app/privateHistory.html', 'client');
 	api.addFiles('views/app/room.html', 'client');

packages/rocketchat-ui/views/app/notAuthorized.html

+<template name="notAuthorized">
+	<h2>{{_ "Not_authorized"}}</h2>
+</template>

packages/rocketchat-ui/views/app/pageContainer.html

-<template name="page-container">
-	<section class="page-container page-home page-static">
+<template name="pageContainer">
+	<section class="page-container page-home page-static page-list">
 		<head class="fixed-title">
 			{{> burger}}
 			<h2>