对于隔离管理员和普通用户使用角度是否安全?

时间:2017-10-26 12:04:24

标签: angularjs mean-stack

我最近开始学习Angularjs,我希望通过使用它来实现权限控制。

基本上,如果用户不是管理员,则该用户无法访问管理页面。

为了实现不同用户的隔离,我只使用angular来编写管理页面,如下所示:

<div class="page-header" ng-if = "main.admin">
<h1 class="center-block">User Management</h1>
<button type="button" class="btn" ng-click="admin.showByName(names)">Search</button>
<input type = "text" class="form-control" placeholder="Please input the username" ng-model = "names">
<br>
<div class= "alert alert-warning" ng-show="admin.show">{{admin.err}}</div>
<br>
<table class="table">
    <tr>
        <th>User Name</th>
        <th>Email</th>
        <th></th>
    </tr>
    <tr ng-repeat="user in admin.users | filter:admin.names" >
        <td>{{user.username }}</td>
        <td>{{user.email}}</td>
        <td>
            <!-- If the user in the table is admin, the delete function will be unavailable -->
            <button type="button" class="btn btn-primary" ng-show = "!user.admin" ng-click="admin.deleteUser(user.username)">Delete</button>
        </td>
    </tr>
</table>

<div ng-show="!main.admin">
<div class="alert alert-danger">Access Denied! You have no permission to access this page</div>

“main.admin”的值只有true和false。如果值为false,则此页面将不允许一般用户访问。但它是否足够安全,只能在前端采取措施?

0 个答案:

没有答案