Ng-token-auth and route permissions
I am currently implementing Angular ng-token-auth
in my application, while this works great, I am having problems restricting access to certain pages.
In some of my routes, I have a couple of additional parameters:
data: {
title: 'Dashboard',
restricted: true, // Only allow logged in users
role: 2 // Only allow a specific role
}
I do this by checking the login in $stateChangeStart
, so before switching routes, I can check if the user is allowed that route.
I've followed suggestions ng-token-auth
for using a parent route with permission to check if a user is logged in or not:
resolve: {
auth: function($auth) {
console.log('validate user');
return $auth.validateUser();
}
}
Now the problem occurs when I first load the application, obviously the event was $stateChangeStart
fired before it $auth.validateUser()
was resolved, which causes the login $stateChangeStart
to fail and the user is redirected to the login page.
What would be the best way to implement this "permission logic", I don't want to do it en route as it will add a lot of extra work and code.
Doing this in $stateChangeStart
also doesn't seem to be the best option as it doesn't work on first boot.
source to share
I would consider Authentication
both Authorization
as two different things.
ng-token-auth
helps you with authentication. It will even help you choose which routes should be available to authenticated users. Refer example-using-angular-ui-router
role: 2 // Only allow a specific role
more like authorization and permissions. You can use a different approach for this. One such approach. We took a similar approach - we also made sure that part of the authorization was pre-selected.
source to share