So it seems you need to have roles beforehand, which means you need to make api call to grape the roles. Is that best practice?
On Thursday, November 24, 2016 at 3:10:12 AM UTC-5, Felix Costa wrote: > > What is the best way to implement ACL / paper-based with angular 2? > > > My scenario, in a nutshell, is this: The roles are dynamic and are based > on the permissions that the client can configure that can also be dynamic. > > > I need to prevent the user from having access to a particular resource > that he is not authorized to do. For this I thought of using the concept of > Guards of the Angular. With CanActivate Guard I could set whether to let > the user pass or not, based on information I would put in each route. This > information would be the name of the resource to which that route refers. > When I got to the guard I could compare with his role and see if his role > has access to this feature and whether or not to allow navigation. > > > But with that in could fall into two more problems: > > > 1 - How to redirect the user to a resource that he has access to? Would I > have to list the route files and look for someone who is compatible with > his role and then redirect there? > > > 2 - How to disable components that it can not see on pages that it can > access? For example, it has access to the listing page X but it does not > have access to create a new item, so I need to remove the Create Something > button. Or rather, how to do this with divs elements that contains specific > information for some roles but not for the role of it? > > > I would like to know how best to approach this scenario within the angular > ecosystem. > > > Thanks for listening. > -- You received this message because you are subscribed to the Google Groups "Angular and AngularJS discussion" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
