0

I'm new to Angular and Node.js, so the question might be pretty basic. I'm using the seed at https://github.com/btford/angular-express-blog for my angular-express project and if you look at the controllers file: https://github.com/btford/angular-express-blog/blob/master/public/js/controllers.js, pretty much all views are loaded using $location.url or $location.path, which I understand, is an equivalent of a window.location js call (no data passed as a part of the call).

Let's say I have got a JSON object returned from an API, and I'd like to pass that information to the next page (controller), is service the best way to go? It sounds very unnatural to me because it's just transient data that I'd like to pass in an object, as opposed to a service. Can someone help me with the best practices here?

Also, if all of this rendering is taken care at the client side, how can I secure my application? For example, if I have an admin view that's to be shown only to users with special privileges, how can I prevent someone from rendering that view, if all the logic is on the client side? I know the actions can be prevented on the server side, but how about completely preventing such things?

user1452030
  • 1,001
  • 3
  • 10
  • 18
  • I know in framework like ASP.Net MVC, we can secure the views, by adding authorize attributes on the view controller. Something similar should be there in express too. – Chandermani Aug 31 '14 at 07:04
  • Have a look at this for security http://jonsamwell.com/url-route-authorization-and-security-in-angular/ – Jon Aug 31 '14 at 07:19
  • 1
    See this anwser http://stackoverflow.com/questions/18325324/angularjs-authentication-restful-api/25093091#25093091 – Jon Aug 31 '14 at 07:20
  • Thank you for the detailed answer Jon. I'll definitely give it a try. Any guidance on the data sharing part though? – user1452030 Sep 02 '14 at 04:52

1 Answers1

0

You may also want to look route resolves, it allows you to inject the result of a promise to the controller, and ensure that the promise resolves before loading the page/controller

yelvert
  • 101
  • 1
  • 4
  • Resolves are interesting, but I'm not sure how I can use them in my context. I understand how I can make the page load dependent on availability of data from different services, but how about getting that pre-requisite data from another controller? Can you please help expand? – user1452030 Sep 02 '14 at 04:55
  • To be clearer, you are saying I'll have to define a service, which stores the state from controller 1 and that state variable or method should be referenced as a route resolve for the second controller, for me to get access to the variable? Though it sounds doable, isn't this too complex? Do we have a conventional "data transfer object" at all or is this the DTO of Angular? – user1452030 Sep 02 '14 at 05:01
  • Exactly, basically, set up a factory that returns a promise which contains your data, use that factory as a resolve for both/all controllers. All resolves that return promises will be unwrapped automatically when injected into the controller. It's not as complex as it sounds, and this method really can/should be used for all remote resources, as it will cut down on code duplication and allow you to build common APIs to interact with those resources. – yelvert Sep 02 '14 at 05:10
  • How will I pass the same instance to both controllers? I thought service returns a new instance everytime and while I need this for the first controller to avoid data mix-up between users, I want the second controller to use the exact same instance of the service. How can I achieve that? – user1452030 Sep 02 '14 at 07:06
  • Use a factory. [Simple resource](https://gist.github.com/yelvert/d9095460e5492e0f2d04) [Resource with API](https://gist.github.com/yelvert/36747991a623268b9b03), [you can even combine the two](https://gist.github.com/yelvert/3f536e690c7c1f419334) so that you always have easy access to both the raw resource and it's pretty API. A factory will always return the same instance of the object. – yelvert Sep 02 '14 at 07:21