Angular 2 roles and permissions
I have used angular2 and laravel 5.3 in my project. in laravel when user logged in server will be send the permissions of the user to handle authorization in angular. so I wrote a guard to protect routes from users that cannot access. here is my guard class code:
export class AccessGuard implements CanActivate{
permissions;
currentRoute;
constructor(private authService:AuthService,private router:Router){
this.permissions = this.authService.getPermissions();
}
canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot){
return this.checkHavePermission(state.url);
}
canActivateChild(route: ActivatedRouteSnapshot, state: RouterStateSnapshot){
return this.checkHavePermission(state.url);
}
private checkHavePermission(url){
switch (true) {
case url.match(/^\/panel\/users[\/.*]?/):
return this.getPermission('user.view');
case url.match(/^\/panel\/dashboard/):
return true;
case url.match(/^\/panel\/permissions/):
return this.getPermission('permissions.manager');
case url.match(/^\/panel\/candidates[\/.*]?/):
return this.getPermission('candidate.view');
}
}
getPermission(perm){
for(var i=0;i<this.permissions.length;i++){
if(this.permissions[i].name == perm ){
return true;
}
}
return false;
}
}
Now that the routes are secured I wondering that how can I access the user permission inside component class. Because sometimes user can access to a route but he can't see a specific part of dom. how can I handle this kind of situation?
Answer
You should store the permissions in the service itself instead of in the guard.
So when the use authenticates, you store the permission in a property of the Authentication Service. Then in the guard, you call the this.authService.<property> to use the permission. In any other component, you can do the same, this.authService.<property> to get the user's permission level
Since the service will be passed around as a singleton, all components will have access to the same property.