我最近开始学习Angularjs,我希望通过使用它来实现权限控制。
基本上,如果用户不是管理员,则该用户无法访问管理页面。
为了实现不同用户的隔离,我只使用angular来编写管理页面,如下所示:
<div class="page-header" ng-if = "main.admin">
<h1 class="center-block">User Management</h1>
<button type="button" class="btn" ng-click="admin.showByName(names)">Search</button>
<input type = "text" class="form-control" placeholder="Please input the username" ng-model = "names">
<br>
<div class= "alert alert-warning" ng-show="admin.show">{{admin.err}}</div>
<br>
<table class="table">
<tr>
<th>User Name</th>
<th>Email</th>
<th></th>
</tr>
<tr ng-repeat="user in admin.users | filter:admin.names" >
<td>{{user.username }}</td>
<td>{{user.email}}</td>
<td>
<!-- If the user in the table is admin, the delete function will be unavailable -->
<button type="button" class="btn btn-primary" ng-show = "!user.admin" ng-click="admin.deleteUser(user.username)">Delete</button>
</td>
</tr>
</table>
<div ng-show="!main.admin">
<div class="alert alert-danger">Access Denied! You have no permission to access this page</div>
“main.admin”的值只有true和false。如果值为false,则此页面将不允许一般用户访问。但它是否足够安全,只能在前端采取措施?