Hi All,

I want to know how you guys go about preventing edits by non-authorized 
users in AngularJS using REST.

For example, currently a user can log in and edit his account. Take for 
example the webpage he is sent to to edit...

www.somesite.com/edit/2/account

2 being the user id.

Now that that user is logged in, he can manipulate the URL and enter

www.somesite.com/edit/*3*/account


I have no current way to prevent this and I have been playing around with 
it but haven't found a great solution. So far I have been checking the 
current user's id compared to the user_id in the routeParams.

The route, for example, looks like this...

    .when('/edit/:user_id/account', {
        templateUrl: '../views/account.php',
        controller: 'MemberAccountController',
        restrict: true,
        name: 'account'
    })


I am using the $routeChangeStart event to try to settle this.

Any input will help. 

Thanks
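
The check described in the post (the current user's id against `user_id` from the route params, run on `$routeChangeStart`), as an added example that is not part of the original post. `auth`, `ownsAccount`, `guardRoute` and `authorizeAccountRequest` are assumed names; the server-side function is included because a route guard runs in the user's browser and cannot stop a direct request to the REST API.

```javascript
// Added example, not code from the post. All function names are hypothetical.

// Route params arrive as strings ("2") while a session id is often a number (2),
// so both sides are normalised before the strict comparison.
function ownsAccount(user, requestedId) {
  if (!user || user.id == null || requestedId == null) { return false; }
  return String(user.id) === String(requestedId);
}

// Client side: handler body for $routeChangeStart. It only keeps the UI from
// rendering another user's edit view; it is not an access control.
// Registration in an AngularJS app (auth is an assumed session service):
//   $rootScope.$on('$routeChangeStart', function (event, next) {
//     guardRoute(event, next, auth.currentUser);
//   });
function guardRoute(event, next, currentUser) {
  if (!next || !next.restrict) { return true; }   // route not marked restrict: true
  const requested = next.params ? next.params.user_id : undefined;
  if (ownsAccount(currentUser, requested)) { return true; }
  event.preventDefault();                         // cancel the route change
  return false;
}

// Server side: the decision the REST endpoint makes on every request, using
// the id from the authenticated session, never an id supplied by the client.
function authorizeAccountRequest(sessionUser, requestedId) {
  if (!sessionUser) { return 401; }                            // not logged in
  if (!ownsAccount(sessionUser, requestedId)) { return 403; }  // another user's account
  return 200;
}

// Constructed sample: user 2 opening /edit/2/account, then /edit/3/account.
function demo() {
  const user = { id: 2 };
  const results = [];
  for (const id of ['2', '3']) {
    let cancelled = false;
    const event = { preventDefault() { cancelled = true; } };
    guardRoute(event, { restrict: true, params: { user_id: id } }, user);
    results.push({ id, cancelled, status: authorizeAccountRequest(user, id) });
  }
  return results;
}
console.log(demo());
```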
