I want to share with you (community) my problem.
I use the MEAN stack, so I use Node.js with Express and AngularJS, and I have a single app application.
I use passport as an authentication strategy in Node \ Express \ Jade code.
I want to create an admin section on my page to manage users and other stuff.
I also want to protect these AngularJS sites loaded asynchronously by adding some access control to my $routeProvider like:
    $routeProvider.when('/admin/users', {
        templateUrl: '/views/admin/users.html',
        auth: {
            required: true,
            roles: ['admin']
        }
    })
This is only pseudocode which I want to achieve in my real solution.
If the user is not logged in, they should be redirected to the /signin page, and if the user is logged in and does not have the proper role to view this page, they should be redirected to an appropriate view with custom information.
I prefer to handle access control on the server side, and just not serve anything up to the user if s/he shouldn't be able to access it. Then I field and interpret the response from the server to do things like rerouting to a sign-in form.
This allows for really flexible security mechanisms. For example, I can configure my backend security with a firewall for something like you've described (where a route "/admin" and all of its descendants should be protected). I can use ACLs to secure individual objects, or a SecurityManager that allows for more complex analyses of the user making the request.
Maybe this isn't a direct answer to your question, but instead encouragement to approach the problem differently. Still I think it's a better approach than anything that I've seen in terms of pure JS access control.
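The server-side check this answer describes, as an added example that is not part of the original thread: an Express-style middleware that refuses to serve anything under an admin route unless passport reports an authenticated user with the required role, plus the client-side mapping from the response status to a redirect. The `roles` array on `req.user`, the `/forbidden` view, and the `requireRole`, `clientRedirectFor`, `mockRes` and `simulate` names are assumptions for illustration.

```javascript
// Added example: framework-free so it runs under plain Node without Express installed.
// Assumes passport has populated req.isAuthenticated() and req.user;
// the `roles` array on the user object is an assumed shape.
function requireRole(...allowed) {
  return function (req, res, next) {
    const loggedIn = typeof req.isAuthenticated === 'function' && req.isAuthenticated();
    if (!loggedIn) {
      // Not signed in: serve nothing, tell the client to authenticate.
      return res.status(401).json({ error: 'authentication required' });
    }
    const roles = Array.isArray(req.user && req.user.roles) ? req.user.roles : [];
    if (!allowed.some((role) => roles.includes(role))) {
      // Signed in but not authorized: the view and its data never leave the server.
      return res.status(403).json({ error: 'insufficient role' });
    }
    return next();
  };
}

// Client side: interpret the server's answer. In AngularJS this decision would sit
// in the responseError handler of an $http interceptor.
function clientRedirectFor(status) {
  if (status === 401) return '/signin';
  if (status === 403) return '/forbidden'; // hypothetical "no permission" view
  return null;
}

// Minimal stand-in for an Express response object (constructed for this example).
function mockRes() {
  return {
    statusCode: 200,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Runs one request for the given user through requireRole('admin').
function simulate(user) {
  const req = { user, isAuthenticated: () => Boolean(user) };
  const res = mockRes();
  let served = false;
  requireRole('admin')(req, res, () => { served = true; });
  return { served, status: res.statusCode, redirect: served ? null : clientRedirectFor(res.statusCode) };
}

console.log(simulate(null));                               // anonymous visitor
console.log(simulate({ name: 'bob', roles: ['user'] }));    // constructed sample users
console.log(simulate({ name: 'alice', roles: ['admin'] }));
```

In a real Express app the middleware would be mounted in front of both the admin templates (such as `/views/admin/users.html` from the question) and the admin data routes, so the `auth` block in `$routeProvider` becomes a usability hint rather than the control itself.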
Have a look at UI-Router: https://github.com/angular-ui/ui-router
It is pretty cool and you can intercept state changes based on whatever security scheme you want.
We are using it with a permission/role/group based security scheme and it works awesome.
Source: https://stackoverflow.com/questions/20926126/what-is-the-best-way-to-create-angularjs-acl