I have permission levels for users on my system: admin user and basic user.
I have a page that only admin users can access. I put an ng-if="isAdmin ()" in the hide menu if you are not an administrator.
It works correctly, but if by chance the user tries to access the page through the URL of the browser, he is able to access the page. How do I in AngularJS, not to let this page access if the user is not an administrator type?
I'm using ui-router and the version of Angular is 1.6:)
This is my code:
//Rotas
app.config(function($routeProvider) {
$routeProvider.when('/', {
templateUrl : 'home.html',
})
$routeProvider.when('/appointments', {
templateUrl : 'views/appointment/appointment.html',
controller : 'AppointmentController'
})
$routeProvider.when('/patients', {
templateUrl : 'views/patient/patient.html',
controller : 'PatientController'
})
$routeProvider.when('/users', {
templateUrl : 'views/user/user.html',
controller : 'UserController',
})
$routeProvider.when('/services', {
templateUrl : 'views/service/service.html',
controller : 'ServiceController'
})
});
/* Load para pegar as informações do usuário logado */
$scope.getUserData = function(){
OdontoService.load('rest/user/getUserData').then(function (data) {
$scope.userAuthenticated = data.data;
localStorage.setItem('permission', $scope.userAuthenticated.permission);
$scope.isLoading = false;
},function (error){
console.log(error);
});
}
$scope.isAdminUser = function(){
return localStorage.getItem('permission') == 0;
}
Permission 0 means the user is an administrator.