我使用angular-permission并且我想检查用户是否可以访问特定状态。
我的状态配置:
$stateProvider
.state('app', {
url: '/',
abstract: true,
data: {
permissions: {
only: ['BASE']
}
}
})
是否有可以在控制器中使用的方法或其他方法来确定它?
// somewhere in controller
if (Permission.hasAccessToState('app')) {
// I want to check if user has access to state without navigating to it
};
如果有人有兴趣,这里是相应的discussion on github。
答案 0 :(得分:1)
我在文档维基中找不到任何内容。但根据来源和评论,似乎有一个Authorization
服务,你可以利用它。
//inject PermissionMap and Authorization
App.controller('Controller',function(PermissionMap,Authorization,$scope) {
//get the state by name an assign it to `state`
var permissionMap = new PermissionMap(state.data.permissions);
var authorizationResult = Authorization.authorize(permissionMap);
authorizationResult
.then(function () {
//authorized
})
.catch(function (rejectedPermission) {
//unauthorized
});
});
查看此代码并查看其是否有效
<强>更新强>
在回复之后,我更深入地研究了代码。 也许我们需要StatePermissionMap和StateAuthorization。
var statePermissionMap = new StatePermissionMap(state);
StateAuthorization
.authorize(statePermissionMap)
.then(function () {
//authorized
})
.catch(function (rejectedPermission) {
//unauthorized
})
答案 1 :(得分:0)
文档中没有提到任何内容,但这是我如何实现它。
基本上,我在$ rootScope中有用户角色(因为我是从后端获取的)
1)在所有状态定义中定义所有用户可以访问该状态的内容。例如:
.state('state1', {
url: '/state1',
views: {
content: {
templateUrl: 'state1-partial.html',
controller: 'StateOneController'
}
},
data: {
access:['Admin','Manager'] //only admin and manager can access this state
}
})
.state('state2', {
url: '/state2',
views: {
content: {
templateUrl: 'state2-partial.html',
controller: 'StateTwoController'
}
},
data: {
access:['Admin'] //only admin can access this state
}
})
2)然后在angular.module运行函数中,当状态改变事件发生时,我将访问这些:
此外,我在此处使用服务 isAuthorized 来验证用户是否有权访问该状态。如果是,我将用户导航到该状态,否则我会抛出错误。
angular.module('myApp').run(function($rootScope, $state,$stateParams,isAuthorized){
$rootScope.$on('$stateChangeStart', function (event, toState, toParams, fromState,fromParams) {
var isAccessRequired = toState.data.access;
var isAccessRequired = toState.data && toState.data.access;
//prevent default routing
if(isAccessRequired){
//I stored userRoles in $rootScope.userRole in an array when fetching from backend.
var hasAccess = isAuthorized($rootScope.userRole,toState.data.access);
if(!hasAccess){
event.preventDefault();
//user doesnt have access, show error and dont take him anywhere
}
}
});
});
3)在我的服务中(isAuthorized):
(function(){
'use strict';
angular.module('myApp')
.service('isAuthorized', function() {
return function(role,access){
//logic here that will see if data.access is present in the user roles, if yes it will return true else return false
return flag;
}
});
})();