Mastering Web Application


Securing Your Application


requireAdminUser);
}
});
}

Now, if a non-admin user attempts to access a route that uses this method as a
resolve, a new item is added to the securityRetryQueue service. Adding this
item to the queue triggers the security service to display the login form,
where the user can log in with admin credentials. Once the login succeeds, the
requireAdminUser method is retried and, if the check now passes, the route change
is allowed to complete. If the retry still fails (for example, the user who
logged in is not an administrator), the route change remains blocked.


Creating the authorization service


To support these route resolve methods, we create a service, called
authorization, which provides methods to check whether the current user
has specified permissions.


In a more complex application, we would create a service that could
be configured with a range of roles and permissions to support the
security requirements of the application.

For our application, this service is very simple, and only contains two methods:
requireAuthenticatedUser() and requireAdminUser(), which can be described
as follows:



  • requireAuthenticatedUser(): This method returns a promise that will
    only be resolved when the user has logged in successfully.

  • requireAdminUser(): This method returns a promise that will only be
    resolved when an administrator has logged in successfully.


Since these methods live in a service, and services cannot be injected while the
$routeProvider is being configured (only providers and constants are available in
a config block), we would normally have to call them from a function wrapped in an
array, with the service name as the injection annotation, as follows:


['securityAuthorization', function(securityAuthorization) {
  return securityAuthorization.requireAdminUser();
}]
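The following is an added example, not code from the book or from the application it describes: a framework-free model, runnable under Node, of the authorization service and retry queue described above, together with a minimal stand-in for the injector that invokes an array-annotated resolve function at route-change time. All names (createSecurity, invoke, changeRoute, the user table and the route table) are assumptions made for illustration; the real services are provided by the application's security module and by Angular's injector.

```javascript
// Added example (not the book's or the project's code): a framework-free
// model of the securityAuthorization / securityRetryQueue pattern.
// Every name below, the user table and the tiny injector are assumptions.

function createSecurity() {
  let currentUser = null;   // the logged-in user, if any
  const retryQueue = [];    // stand-in for the securityRetryQueue service
  let loginFormShown = 0;   // how many times the login form was triggered

  const isAuthenticated = () => currentUser !== null;
  const isAdmin = () => isAuthenticated() && currentUser.admin === true;

  // Queue a retry item and "show" the login form. The returned promise
  // settles only when the item is retried (after a login) or cancelled.
  function pushRetryFn(reason, retryFn) {
    loginFormShown += 1;
    return new Promise((resolve, reject) => {
      retryQueue.push({
        reason,
        // resolve() adopts the promise retryFn returns, so a retry that is
        // still not allowed (a non-admin logged in) simply re-queues itself.
        retry: () => resolve(retryFn()),
        cancel: () => reject(new Error('login cancelled: ' + reason)),
      });
    });
  }

  const securityAuthorization = {
    requireAuthenticatedUser() {
      if (isAuthenticated()) return Promise.resolve(currentUser);
      return pushRetryFn('unauthenticated-client',
        () => securityAuthorization.requireAuthenticatedUser());
    },
    requireAdminUser() {
      if (isAdmin()) return Promise.resolve(currentUser);
      return pushRetryFn('unauthorized-client',
        () => securityAuthorization.requireAdminUser());
    },
  };

  // Constructed user table standing in for the server-side login endpoint.
  const users = {
    alice: { password: 'alice-pw', admin: true },
    bob: { password: 'bob-pw', admin: false },
  };

  function login(name, password) {
    const record = users[name];
    if (!record || record.password !== password) return false;
    currentUser = { name, admin: record.admin };
    // Drain a copy first: a retry may re-queue itself while we iterate.
    retryQueue.splice(0).forEach((item) => item.retry());
    return true;
  }

  function cancelLogin() {
    retryQueue.splice(0).forEach((item) => item.cancel());
  }

  return {
    securityAuthorization,
    login,
    cancelLogin,
    pendingRetries: () => retryQueue.length,
    loginFormShownCount: () => loginFormShown,
  };
}

// Minimal stand-in for the injector: an array-annotated resolve is looked up
// against a service registry when the route is resolved, which is why the
// config block cannot call the service directly.
function invoke(registry, annotated) {
  const fn = annotated[annotated.length - 1];
  const deps = annotated.slice(0, -1).map((name) => {
    if (!(name in registry)) throw new Error('unknown service: ' + name);
    return registry[name];
  });
  return fn(...deps);
}

// Route table in the same shape as the $routeProvider configuration.
const routes = {
  '/admin/users': {
    resolve: ['securityAuthorization', function (securityAuthorization) {
      return securityAuthorization.requireAdminUser();
    }],
  },
  '/projects': {
    resolve: ['securityAuthorization', function (securityAuthorization) {
      return securityAuthorization.requireAuthenticatedUser();
    }],
  },
};

function changeRoute(security, path) {
  const registry = { securityAuthorization: security.securityAuthorization };
  return invoke(registry, routes[path].resolve).then((user) => ({ path, user }));
}

// The flow in the text: an anonymous user hits an admin route, a non-admin
// logs in (retried, still blocked), then an admin logs in (retried, allowed).
async function adminRouteScenario() {
  const security = createSecurity();
  const pending = changeRoute(security, '/admin/users');
  const queuedBefore = security.pendingRetries();
  security.login('bob', 'bob-pw');
  const queuedAfterBob = security.pendingRetries();
  security.login('alice', 'alice-pw');
  const result = await pending;
  return { queuedBefore, queuedAfterBob, resolvedUser: result.user.name,
    loginFormShown: security.loginFormShownCount() };
}

// Edge case: the user dismisses the login form, so the route change fails.
async function cancelledScenario() {
  const security = createSecurity();
  const pending = changeRoute(security, '/projects');
  security.cancelLogin();
  try { await pending; return 'allowed'; } catch (e) { return e.message; }
}
```

Note that a non-admin login does not unblock the admin route: the retried requireAdminUser() call fails the check again and queues a fresh item, so the original promise stays pending until an administrator logs in or the user cancels, at which point the route change is rejected.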