I would like to know what is the best way to handle user roles in Angular ?.
The scenario is as follows: I have an application in Angular that consumes a REST API made with Laravel, the same one that provides me with a token. The application will handle 3 types of roles (administrator, student, teacher), the routes are protected by a Guard service.
{ path: '', redirectTo: 'login', pathMatch: 'full' },
{ path: 'login', component: LoginComponent },
{
path: 'admin', component: DashAdminComponent, children: [
{
path: 'estudiantes', component: EstudiantesComponent, children: [
{ path: 'nuevo-estudiante', component: NuevoEstudianteComponent, canActivate: [GuardService] },
{ path: 'todos', component: ListaComponent, canActivate: [GuardService] },
{ path: 'editar/:id', component: EditarComponent, canActivate: [GuardService], }
], canActivate: [GuardService]
},
{ path: 'docentes', component: DocentesComponent, children:[
{ path: 'nuevo-docente', component: NuevoDocenteComponent, canActivate: [GuardService] },
{ path: 'lista-docente', component: ListaDocenteComponent, canActivate: [GuardService] },
], canActivate: [GuardService] }
], canActivate: [GuardService]
},
The Guard service verifies if the token is present and valid
canActivate() {
if (this.apiSerive.getLogged()) {
return true;
} else {
this._router.navigate(['/login']);
return false;
}
}
However, this logic (checking if the token is valid and present) could allow a user with a student role to access a route destined for administrator role users.
Any suggestion is welcome.
Aucun commentaire:
Enregistrer un commentaire