I have a pretty basic app and I'm having some permission problems. When the user logs in I save the session token (a JWT) in localStorage. After that, my routing has two routes: /profile and /documentation.
In my backend a user can have one of two roles: normal or admin. A normal user should not have access to the /documentation tab. I'm hiding the buttons in the UI based on the role, but the user can still reach the page by typing the URL directly (that's the problem). I just want to check whether the user's role is admin when accessing /documentation, and otherwise redirect to a 403 page. Note that a check in the router is only a UX measure: anything running in the browser can be bypassed, so the backend must still reject non-admin requests for the documentation data itself. Any ideas how to achieve the client-side part?
app.js :
// Root module of the app. The array lists the Angular modules it depends on
// (clipboard, validation, JWT handling, ngRoute routing, paging and charts).
let app = angular.module('GHoF', [
  'ngclipboard', 'validator', 'angular-jwt',
  'ngRoute', 'bw.paging', 'chart.js',
]);
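app.config(function Config($httpProvider, jwtOptionsProvider, $routeProvider, ChartJsProvider) {
  // JWT: angular-jwt reads the token through tokenGetter and attaches it as a
  // bearer header on every $http call to a whitelisted domain.
  // NOTE(review): localStorage is readable by any script running on the origin,
  // so an XSS bug leaks the session token; an HttpOnly cookie issued by the
  // backend would not be exposed that way.
  jwtOptionsProvider.config({
    tokenGetter: function() {
      return localStorage.getItem('sessionToken');
    },
    whiteListedDomains: ['localhost']
  });
  $httpProvider.interceptors.push('jwtInterceptor');

  // Builds a `resolve` map that gates a route on a role found in the JWT payload.
  // This is UX only: the payload is readable but NOT verifiable in the browser,
  // so a user can edit the stored token or call the API directly. The backend
  // must enforce the role on the documentation endpoints itself.
  // NOTE(review): assumes the JWT payload carries the role in a `role` claim —
  // confirm the claim name against the backend that issues the token.
  function requireRole(role) {
    return {
      role: ['$q', '$location', 'jwtHelper', function($q, $location, jwtHelper) {
        const token = localStorage.getItem('sessionToken');
        let claims = null;
        try {
          // decodeToken throws on a malformed token; treat that as "no role".
          claims = token ? jwtHelper.decodeToken(token) : null;
        } catch (e) {
          claims = null;
        }
        if (claims && claims.role === role) {
          return claims.role;
        }
        // A rejected resolve cancels the route change (ngRoute then broadcasts
        // $routeChangeError); redirect to the 403 page first. A `/403` route
        // must be registered for this path to render anything.
        $location.path('/403');
        return $q.reject('forbidden');
      }]
    };
  }

  // Routes
  $routeProvider
    .when('/profile', {
      templateUrl: 'app/pages/profile/profile.html',
      controller: 'ProfileCtrl'
    })
    .when('/documentation', {
      templateUrl: 'app/pages/documentation/documentation.html',
      // Only admins may enter; everyone else is sent to /403 before the
      // template is loaded.
      resolve: requireRole('admin')
    })
    .otherwise("/home")
});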
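app.run(function(authManager, jwtHelper) {
  // Restores angular-jwt's authenticated flag from the stored token after a
  // full page reload, so isAuthenticated below reflects the token.
  authManager.checkAuthOnRefresh();
  const sessionToken = localStorage.getItem("sessionToken");
  // Do NOT log the token: it is a bearer credential, and the console is visible
  // to anyone at the machine, to browser extensions and to log collectors.

  // A token that cannot be decoded would make isTokenExpired throw and leave the
  // app half-initialised; treat it as expired instead.
  let expired = true;
  if (sessionToken != null) {
    try {
      expired = jwtHelper.isTokenExpired(sessionToken);
    } catch (e) {
      expired = true;
    }
  }
  if (sessionToken == null || expired || !authManager.isAuthenticated) {
    // Drop an unusable token so the interceptor stops sending it, then go to login.
    localStorage.removeItem("sessionToken");
    window.location.href = "/auth.html";
  }
});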
Login (controller excerpt):
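// Login: POST the credentials and store the returned JWT so jwtInterceptor can
// attach it to later requests.
// NOTE(review): plain http to a hard-coded localhost URL — the password and the
// token travel in clear text; use https and a configurable base URL outside
// local development.
const data = {
  username: $scope.username,
  password: $scope.password
};
$http.post("http://localhost:8083/api/login", data)
  .then((res) => {
    const token = res.data && res.data.token;
    if (typeof token !== 'string' || token === '') {
      // A 2xx without a token would otherwise store "undefined"/"null" and
      // leave every later request unauthenticated in a confusing way.
      throw new Error('login response did not contain a token');
    }
    // localStorage is readable by any script on the origin, so an XSS bug
    // leaks the session; an HttpOnly cookie set by the backend would avoid that.
    localStorage.setItem('sessionToken', token); // JWT TOKEN
  })
  .catch((err) => {
    // Surface the failure instead of leaving the promise rejection unhandled.
    // Log only the status: never the request (it holds the password) nor the
    // response body.
    console.error('login failed', err && err.status);
  });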