检查用户是否有权访问特定状态

时间:2016-07-22 11:46:04

标签: angularjs angular-ui-router angular-permission

我使用angular-permission并且我想检查用户是否可以访问特定状态。

我的状态配置:

    $stateProvider
        .state('app', {
            url: '/',
            abstract: true,
            data: {
                permissions: {
                    only: ['BASE']
                }
            }
        })

是否有可以在控制器中使用的方法或其他方法来确定它?

// somewhere in controller
if (Permission.hasAccessToState('app')) {
    // I want to check if user has access to state without navigating to it
};

如果有人有兴趣,这里是相应的discussion on github

2 个答案:

答案 0 :(得分:1)

我在文档维基中找不到任何内容。但根据来源和评论,似乎有一个Authorization服务,你可以利用它。

//inject PermissionMap and Authorization    
App.controller('Controller',function(PermissionMap,Authorization,$scope) {

     //get the state by name an assign it to `state`
      var permissionMap = new PermissionMap(state.data.permissions);

      var authorizationResult = Authorization.authorize(permissionMap);

      authorizationResult
        .then(function () {
          //authorized
        })
        .catch(function (rejectedPermission) {
          //unauthorized
        });
});

查看此代码并查看其是否有效

<强>更新

在回复之后,我更深入地研究了代码。 也许我们需要StatePermissionMap和StateAuthorization。

 var statePermissionMap = new StatePermissionMap(state);

  StateAuthorization
      .authorize(statePermissionMap)
      .then(function () {
         //authorized
      })
      .catch(function (rejectedPermission) {
        //unauthorized
      })

答案 1 :(得分:0)

文档中没有提到任何内容,但这是我如何实现它。

基本上,我在$ rootScope中有用户角色(因为我是从后端获取的)

1)在所有状态定义中定义所有用户可以访问该状态的内容。例如:

      .state('state1', {
            url: '/state1',
            views: {
                content: {
                    templateUrl: 'state1-partial.html',
                    controller: 'StateOneController'
                }
            },
            data: {
                    access:['Admin','Manager'] //only admin and manager can access this state
            }
        })
       .state('state2', {
            url: '/state2',
            views: {
                content: {
                    templateUrl: 'state2-partial.html',
                    controller: 'StateTwoController'
                }
            },
            data: {
                    access:['Admin'] //only admin can access this state
            }
        })

2)然后在angular.module运行函数中,当状态改变事件发生时,我将访问这些:

此外,我在此处使用服务 isAuthorized 来验证用户是否有权访问该状态。如果是,我将用户导航到该状态,否则我会抛出错误。

angular.module('myApp').run(function($rootScope, $state,$stateParams,isAuthorized){
    $rootScope.$on('$stateChangeStart', function (event, toState, toParams,   fromState,fromParams) {

    var isAccessRequired = toState.data.access;
    var isAccessRequired = toState.data && toState.data.access;
        //prevent default routing


            if(isAccessRequired){
                //I stored userRoles in $rootScope.userRole in an array when fetching from backend.
                var hasAccess = isAuthorized($rootScope.userRole,toState.data.access);

                if(!hasAccess){
                    event.preventDefault();

                    //user doesnt have access, show error and dont take him anywhere


                }

            }


    });
});

3)在我的服务中(isAuthorized):

(function(){
    'use strict';

    angular.module('myApp')

        .service('isAuthorized', function() {
           return function(role,access){

          //logic here that will see if data.access is present in the user roles, if yes it will return true else return false

                return flag;
           }


        });

})();