AngularJS添加授权路线 [英] AngularJS adding authorization to routes

问题描述

我如何添加授权AngularJS和ui.router？
我使用的是modulg NG-的OAuth https://github.com/andreareginato/oauth-ng

How can I add authorization to AngularJS and ui.router? I'm using the modulg ng-oauth https://github.com/andreareginato/oauth-ng

我可以使用下面的例子从页面 http://andreareginato.github.io/oauth-纳克/ ？

Can I use the following examples from the page http://andreareginato.github.io/oauth-ng/?

$scope.$on('oauth:login', function(event, token) {
  console.log('Authorized third party app with token', token.access_token);
});

$scope.$on('oauth:logout', function(event) {
  console.log('The user has signed out');
});

$scope.$on('oauth:loggedOut', function(event) {
  console.log('The user is not signed in');
});

$scope.$on('oauth:denied', function(event) {
  console.log('The user did not authorize the third party app');
});

$scope.$on('oauth:expired', function(event) {
  console.log('The access token is expired. Please refresh.');
});

$scope.$on('oauth:profile', function(profile) {
  console.log('User profile data retrieved: ', profile);
});

谢谢，
西蒙

Thanks, Simon

推荐答案

您可以创建一些恒定的角色是这样的：

You could create some constant roles like this:

.constant('USER_ROLES', {
    ALL: '*', //@unused
    ADMIN: 'ROLE_ADMIN';
    USER: 'ROLE_USER',
    ANONYMOUS: 'ROLE_ANONYMOUS' 
})

自定义数据/常量添加到您的状态：

Add this custom data/constants to your states:

$stateProvider.state('myapp.admin', {
    url: '/admin',
    .....
    data : {
        authorizedRoles : [USER_ROLES.ADMIN] //Thes
    }
}

所以，当你进行身份验证和检索数据库这些角色，你可以存储在该用户对象和会话，所以你最终可以验证这一点，当一个路由改变...

So when you authenticate and retrieve these roles from your database you can store this in your user object and session so you can eventually verify this when a route changes...

在您的身份验证服务（除了登录，注销等）添加下面的方法。

In your auth service (apart from logging in, logging out etc...) you add the following methods.

isAuthenticated: function () {
    return session.hasSession();
},

isAuthorized: function (authorizedRoles) {
    if (!angular.isArray(authorizedRoles)) {
        authorizedRoles = [authorizedRoles];
    }

    var roles = session.roles();

    var roleIncluded = roles.some(function (role) {
        return (authorizedRoles.indexOf(role) != -1);
    });

    return (session.hasSession() && roleIncluded);
},

所以，当你的应用程序改变路径发生 .RUN 块验证和prevention是可能的。

So when you change the route in the applications .run block validation occurs and prevention is possible.

$rootScope.$on('$stateChangeStart', function (event, next) {
    if (authService.isAuthenticated()) {
        if (next.data.authorizedRoles === null) {
            handle();
        }
        if (!authService.isAuthorized(next.data.authorizedRoles)) {
            handle();
        }
    } else {
        handle();
    }
}

Ofcourse这一点只是一个例子，熊市也有其他的解决方案。

Ofcourse this is just an example and bear in mind there are other solutions.

这篇关于AngularJS添加授权路线的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！