blur-admin (lwazevedo) authentication module for submenus

Question

I'm using RBAC in the blur-admin template in angularjs. Where I've the following scenario - suppose, I've the main side-menu named 'Utilities', which includes 3 sub-menus. That is, when user clicks on Utilities, he'll see 3 sub-menus - 1) EDI Mapper 2) Inventory Mapper 3) Invoice Mapper

My utilities.module.js is -

(function() {
  'use strict';

  angular.module('BlurAdmin.pages.utilities', [
      'ui.select',
      'ngSanitize',
      'BlurAdmin.pages.utilities.ediMapper',
      'BlurAdmin.pages.utilities.inventoryMapper',
      'BlurAdmin.pages.utilities.invoiceMapper',
    ])
    .config(routeConfig);

  /** @ngInject */
  function routeConfig($stateProvider) {
    $stateProvider
      .state('main.utilities', {
        url: '/utilities',
        template: '<ui-view  autoscroll="true" autoscroll-body-top></ui-view>',
        abstract: true,
        title: 'Utilities',
        sidebarMeta: {
          icon: 'ion-hammer',
          order: 100,
        },
        authenticate: true,
        params: {
          authRoles: ['admin', 'inventory-user']
        }
      });
  }

})();

where, authRoles are admin & inventory-user. That is the Utilities menu is only visible to admin & inventory-user, but not visible to any other users. I want to achieve the same for sub-menus, I've implemented the same logic for the sub menu - Inventory Mapper as follows -

inventoryMapper.module.js -

(function() {
  'use strict';

  angular.module('BlurAdmin.pages.utilities.inventoryMapper', ['angularFileUpload'])
    .config(routeConfig);

  /** @ngInject */
  function routeConfig($stateProvider) {
    $stateProvider
      .state('main.utilities.inventoryMapper', {
        url: '/inventoryMapper',
        templateUrl: 'app/pages/utilities/inventoryMapper/inventoryMapper.html',
        controller: 'inventoryMapperCtrl as vm',
        title: 'Inventory Mapper',
        sidebarMeta: {
          icon: 'ion-ios-pulse',
          order: 100,
        },
        authenticate: true,
        params: {
          authRoles: ['admin', 'inventory-user']
        }
      });
  }
})();

invoiceMapper.module.js -

(function() {
  'use strict';

  angular.module('BlurAdmin.pages.utilities.invoiceMapper', ['angularFileUpload'])
    .config(routeConfig);

  /** @ngInject */
  function routeConfig($stateProvider) {
    $stateProvider
      .state('main.utilities.invoiceMapper', {
        url: '/invoiceMapper',
        templateUrl: 'app/pages/utilities/invoiceMapper/invoiceMapper.html',
        controller: 'invoiceMapperCtrl as vm',
        title: 'Invoice Mapper',
        sidebarMeta: {
          icon: 'ion-ios-pulse',
          order: 100,
        },
        authenticate: true,
        params: {
          authRoles: ['admin', 'inventory-user']
        }
      });
  }
})();

& similar for EDIMapper.module.js with authRoles: ['admin', 'edi-user'].

Now, here, the problem is when I log in with inventory-user, he should only be able to see Utilities -> Inventory Mapper and not two other sub-menus EDI Mapper & Invoice Mapper under utilities, but he sees all of them.

But currently, all the users are able to see all sub-menus under Utilities and want to restrict them to their sub-menu only. Other sub-menus should not be accessible/visible to them.

In short, output expected for inventory-user login is -

output expected for invoice-user login is -

score 1 · Accepted Answer · answered Oct 03 '17 at 07:39

The problem was not fully with the modules, Just added all the roles in utilities.module.js, as - authRoles: ['admin', 'inventory-user', 'invoice-user', 'edi-user']. And referring this, updated getAuthorizedMenuItems() in baSidebar.service.js as following -

this.getAuthorizedMenuItems = function(user) {
    var states = defineMenuItemStates();
    var menuItems = states.filter(function(item) {
        return item.level == 0 && _.includes(item.authRoles, user.role);
    });

    menuItems.forEach(function(item) {
        var children = states.filter(function(child) {
            // added this - _.includes(child.authRoles, user.role);, here level == 1 means submenus
            return child.level == 1 && child.name.indexOf(item.name) === 0 && _.includes(child.authRoles, user.role);
        });
        item.subMenu = children.length ? children : null;
    });

    return menuItems.concat(staticMenuItems);
};

blur-admin (lwazevedo) authentication module for submenus

1 Answers1