Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Role Based Access Control in Angular2?

Tags:

typescript

angular

single-sign-on

access-control

I understand the working of JWT based authentication, but I am struggling to understand the correct approach to create a role based access control in angular2.

Can some-one please provide a way to approach this problem, or some useful links.

like image 854
ankitkamboj Avatar asked Feb 21 '16 23:02

ankitkamboj

People also ask

What are the two types of role-based access control?

Technical – assigned to users that perform technical tasks. Administrative – access for users that perform administrative tasks.

What is role-based authentication in angular?

What is Role-Based Authorization? In the system's security, the role-based authorization / role-based access control (RBAC) is a way of restricting and managing machine access to authorized users. RBAC (Role-based access control) confines access to the network based on the employee's role in an organization.

What is RBAC model?

Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. RBAC ensures employees access only information they need to do their jobs and prevents them from accessing information that doesn't pertain to them.

How do you do role-based authorization?

For role-based authorization, the customer is responsible for providing the user ID, any optional attributes, and all mandatory user attributes necessary to define the user to Payment Feature Services. The customer must also define the roles that are assigned to the user.

1 Answers

In the Angular application you can do these things:

  1. Make sure that AuthGuard returns false if user is not authorized to access particular component.
  2. Hide the menu items that user is not supposed to see.

Remember that real authorization enforced on the server end, in the angular2 you are just dealing with presentation layer.

Here is the one possible approach:

  1. You add custom claim to a JWT token. It can be something like this:

    {
  "user" : "JohnDoe",
  "roles" : ["admin","manager","whatever"]
}

  2. In the angular app, you create AuthService, where you decode the JWT token and store extracted claim in the variable, and in the localStorage

  3. You can create a navigationService which will store the data about menu and roles required to access particular component in the object or array. It can be something like that (pseudocode):

    const menuItems = [
    {
        "name":"Dashboard",
        "routerLink":"/dashboard",
        "rolesRequired":["user"]
    },
    {
        "name":"ControlPanel",
        "routerLink":"/cp",
        "rolesRequired":["admin"]
    },
    .....  
]

constructor(private authService:AuthService){}

getMenu(){
    return this.menuItems.filter(
        element => {
          return 
          this.authService.user.role.haveElement(element.rolesRequired)
       }
    )
}

  4. In the menu component you can use navigation service to retrive the list of allowed menu items.

  5. You can use same navigationService in the AuthGuard.

like image 71
RB_ Avatar answered Sep 28 '22 09:09

RB_
Sign in to Comment

Related questions

Using Angular Material2 with PrimeNG in the same project
Loading indication with a delay and anti-flickering in RxJS
NullInjectorError: No provider for DecimalPipe
Disable button when input is empty in Angular 2
How to scroll element into view when it's clicked
Angular 2 New Router: Change / Set Query Params
How to set the background-color of a div as primary theme color in Angular 2 Material
ERROR: @angular/material/material has no exported member 'MdButtonModule'
Angular 5 - On mouse enter show a button and on mouse leave hide a button
Pass Angular Reactive FormControls to Children Components
Preserve Symlinks in Angular Libraries
Equivalent of Angular 1 otherwise route in Angular 2
Angular2- Getting confused with Observable Catch closure scope
Conditional styling on host element
XMLHttpRequest with Observable in Typescript
Drop Down List in Angular 2 Model Driven Form
CanDeactivate confirm message
Pass parameter to Angular 4 directive on input
Angular 4: changing url, but component is not rendered
Why am I getting "no exported member" errors when attempting to upgrade Angular?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!