Block routes according to user permission Angularjs

Asked

Viewed 1,455 times

1

I have a system where I log in a user, in case everything right the server returns me an object and I store this object in sessionStorage. I can recover this object to do some validations, e.g.: render some components according to user permission.

I would like to block some routes according to the user’s permission, that is, if the user has permissão = 2 he won’t be able to access that route: /usuario

The route configuration is as follows:

angular.module("oraculo").config(function($routeProvider){

    $routeProvider.when("/usuario", {
        templateUrl: "public/views/usuario.html",
        controller: "usuarioCtrl"
    });


    $routeProvider.otherwise({redirectTo: "/login"});

});
angularjs route permissions

1 answer

2


Monitor the notification queue for the event $locationChangeStart, and if necessary cancel the event:

$scope.$on('$locationChangeStart', function(event) {
    if (!validaPermissoesUsuario()) {
       event.preventDefault();
    }
});

Or, alternatively, redirect the user:

$scope.$on('$locationChangeStart', function(event) {
    if (!validaPermissoesUsuario()) {
       $location.path( "/naoAutorizado" );
    }
});

Another option is to implement, in the route configuration, a term otherwise interpreting and manipulating the required route:

$routeProvider.otherwise({
    redirectTo: function() {
        //Descreva sua validação de permissões aqui.
        return '/naoAutorizado';
    }
});

However, the way I would recommend it would be by evaluation on the service side. If the logged-in user does not have permissions, please return 401 Unauthorized and configure your view accordingly.

  • I got it, that’s what I’d do in this config of routes or in the controller of each page?

  • Like broadcasts can be announced for the entire application, this code could be within a service - responsible only for monitoring route changes and redirecting if necessary.

  • @Techies I included an example to be entered in the route configuration as well.

  • Beauty kk, I’m thinking, would be able to use the resolve to make that validation?

  • @Techies yes, it is possible. However I have included another suggestion that may be more useful to you, check the edited reply.

  • All right, I’ll try it this way.

  • @Onosendai The problem of validating in the service (server?) is that the otherwise expects function or a string with the route or a function that will be executed synchronously, requests as they are asynchronous would not be expected, so the next block would continue the execution. One solution I found are the future states, which implement asynchronous routes, allowing greater flexibility, see in this link

  • @Onosendai In this case, I leave the comment to the AP if it wants something more flexible, particularly I would prefer Future States if my application only consumed an API, because at each exchange of states I could check if the authentication token is still valid. Although, I do not know if it would reduce the scalability of the application when doing this, but I believe that I do not know... rs

  • @Eprogrammernotfound The solution you presented is valid - what I meant by the last part is that you can, for example, load the user’s permissions set from the JS side, and via synchronous validation control the flow. Via server, a common method is to implement an Injector that, when receiving specific HTTP states (for example 403 Forbidden), force the route to a page that Handling correct.

  • @Onosendai Roger that! Actually, I work with applications that control via server as you mentioned, we are working on a solution to control in the Browser, we are in a dilemma whether we will do as you said, synchronously or we will use Future States. I posted the comment so that if someone had already used this ui-router extra and knew of some problem/ or advantage could also comment, and of course suggest to AP and show it another way.

Show 5 more comments

Browser other questions tagged angularjs route permissions

You are not signed in. Login or sign up in order to post.