Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Role Based Access Control in Angular2?

I understand the working of JWT based authentication, but I am struggling to understand the correct approach to create a role based access control in angular2.

Can some-one please provide a way to approach this problem, or some useful links.

like image 854
ankitkamboj Avatar asked Feb 21 '16 23:02

ankitkamboj


People also ask

What are the two types of role-based access control?

Technical – assigned to users that perform technical tasks. Administrative – access for users that perform administrative tasks.

What is role-based authentication in angular?

What is Role-Based Authorization? In the system's security, the role-based authorization / role-based access control (RBAC) is a way of restricting and managing machine access to authorized users. RBAC (Role-based access control) confines access to the network based on the employee's role in an organization.

What is RBAC model?

Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. RBAC ensures employees access only information they need to do their jobs and prevents them from accessing information that doesn't pertain to them.

How do you do role-based authorization?

For role-based authorization, the customer is responsible for providing the user ID, any optional attributes, and all mandatory user attributes necessary to define the user to Payment Feature Services. The customer must also define the roles that are assigned to the user.


1 Answers

In the Angular application you can do these things:

  1. Make sure that AuthGuard returns false if user is not authorized to access particular component.
  2. Hide the menu items that user is not supposed to see.

Remember that real authorization enforced on the server end, in the angular2 you are just dealing with presentation layer.

Here is the one possible approach:

  1. You add custom claim to a JWT token. It can be something like this:

    {
      "user" : "JohnDoe",
      "roles" : ["admin","manager","whatever"]
    }
    
  2. In the angular app, you create AuthService, where you decode the JWT token and store extracted claim in the variable, and in the localStorage

  3. You can create a navigationService which will store the data about menu and roles required to access particular component in the object or array. It can be something like that (pseudocode):

    const menuItems = [
        {
            "name":"Dashboard",
            "routerLink":"/dashboard",
            "rolesRequired":["user"]
        },
        {
            "name":"ControlPanel",
            "routerLink":"/cp",
            "rolesRequired":["admin"]
        },
        .....  
    ]
    
    constructor(private authService:AuthService){}
    
    getMenu(){
        return this.menuItems.filter(
            element => {
              return 
              this.authService.user.role.haveElement(element.rolesRequired)
           }
        )
    }
    
  4. In the menu component you can use navigation service to retrive the list of allowed menu items.

  5. You can use same navigationService in the AuthGuard.

like image 71
RB_ Avatar answered Sep 28 '22 09:09

RB_