Angular2 routing canActivate and AuthGuard (JWT) with user role parameter

javascript authentication angular roles angular2-routing
Kamil Kiełczewski picture Kamil Kiełczewski · Jul 15, 2016 · Viewed 29.7k times · Source

In this exaple project with JWT authentication we se how to allow only authenticated users to some route:

import { RouterConfig } from '@angular/router';
import { Home } from './home';
import { Login } from './login';
import { Signup } from './signup';
import { AuthGuard } from './common/auth.guard';

export const routes: RouterConfig = [
  { path: '',       component:  Login },
  { path: 'login',  component: Login },
  { path: 'signup', component: Signup },
  { path: 'home',   component: Home, canActivate: [AuthGuard] },
  { path: '**',     component: Login },
];

I would like make step further and also indicate what user role have 'access' to route - but I don't know how to pass argument to canActivate AuthGuard (src). So I would like to achieve something like this (for instance I have two roles: Admin and Employee):

  { path: 'home',   component: Home, canActivate: [AuthGuard] },
  { path: 'users',   component: AdminUsers, canActivate: [AuthGuard('Admin')] },
  { path: 'users',   component: Employees, canActivate: [AuthGuard('Employee')] },

Where my AuthGuard could look something like this (where userRole(= Admin or Employee or null) is passed parameter to AuthGuard):

@Injectable()
export class AuthGuard implements CanActivate {
  constructor(private router: Router) {}

  canActivate(userRole) {
    if (!userRole || JWT.user().role == userRole) {
      return true;
    }

    this.router.navigate(['/login']);
    return false;
  }
}

where JWT.user.role is helper which read user role stored in JWT token. Is there a way to do something similar like above idea?

Answer

Arman picture Arman · Oct 5, 2016

You can set the data parameter of the route with the role like this 

const appRoutes: Routes = [
{ 
  path: 'account/super-secure', 
  component: SuperSecureComponent, 
  canActivate: [RoleGuard], 
  data: { roles: ['super-admin', 'admin'] } 
}];

and then have this in canActivate of RoleGuard:

canActivate(route: ActivatedRouteSnapshot,
    state: RouterStateSnapshot): boolean {

    let roles = route.data["roles"] as Array<string>;
    return (roles == null || roles.indexOf("the-logged-user-role") != -1);
}

I think this could be another way of doing it instead of creating guard for every role. I would actually take this rout since it requires less code and handles the problem very nicely.

Related questions

Use basic authentication with jQuery and Ajax

I am trying to create a basic authentication through the browser, but I can't really get there. If this script won't be here the browser authentication will take over, but I want to tell the browser that the user is …

Read More
How do I remove documents using Node.js Mongoose?

FBFriendModel.find({ id: 333 }, function (err, docs) { docs.remove(); //Remove all the documents that match! }); The above doesn't seem to work. The records are still there. Can someone fix?

Read More
AngularJS: Basic example to use authentication in Single Page Application

I am new to AngularJS and gone through their tutorial and got a feel for it. I have a backend for my project ready where each of the REST endpoints needs to be authenticated. What I want to do a.) …

Read More