Comments (11)
Thanks @amobrem, that feature is already added on 0.3. Please check it out and tell us what you think - we would love to get your feedback.
from mean.
Sorry I guess I was thinking more of ACL. I don't see that implemented unless I am missing something...
from mean.
@roieki is there any documentation for the new roles feature?
@amobrem, what have you found so far? I'm reading about https://github.com/OptimalBits/node_acl and Sails.JS policies. I agree with you, a roles-acl reusable/pluggable module is much needed and would be an extremely appealing feature for project starters. I was exactly at this point, trying to figure out which acl would fit better in Meanjs.
from mean.
My guess would be https://github.com/optimalbits/node_acl would be the best option
from mean.
Hi @amobrem @telemakhos what about https://www.npmjs.org/package/connect-roles?
from mean.
I already read about connect-roles and it is a great option, but (personally) I like more node_acl and the fact that it comes with several plug&play options for backend (Mongo, Redis, in-memory, etc). This increases the amount of choices for the user and offers the possibility for quickly offloading reads to better performant db engines .
Here’s an example of how it could be nicely implemented (you can scroll to the 4th comment)… OptimalBits/node_acl#38
from mean.
Sorry I was out of town. I agree with @telemakhos .
from mean.
HI @amobrem and @telemakhos take a look at this https://github.com/meanjs/mean/tree/0.3.1 and tell me what you think about the implementation of ACL in the app/policies folder, I find it a bit sketchy so I would be glad to hear your opinion as well.
from mean.
@amoshaviv I think it is is pretty neat, a nice starting point. I think it would also be nice to keep the main app roles in a single ‘corePolicy.js’ or 'mainPolicy.js' file inside the policies/ folder, so we don't have to keep inserting overlapping roles/permissions over and over in newly created modules and just pass a single list.
And then, glob the additional policies specific to vertical modules. I mean, giving both options, first loading the mainPolicy.js and then globbing policies from the vertical modules that extend the main one.
Make sense?
from mean.
Hi Everyone,
In order to help the community better review feature requests, we organized everything in a public Trello board: https://trello.com/b/5FAPcode/mean-js. You can comment and vote on the features you want implemented, so we'll have a clearer understanding of community needs.
Let us know what you think about this solution.
Cheers,
Amos
from mean.
With angular, I usually use a simple AuthenticationService that stores the userID, and the user role on Authentication,
services.AuthenticationService = function($http, SessionService, $rootScope) {
$rootScope.logged = false;
var singularUrlBase = apiurl + 'Login';
return {
logout : function(){
SessionService.firstName = null;
SessionService.lastName = null;
SessionService.userRole = null;
SessionService.staffID = null;
SessionService.logged = false;
},
authenticate: function(login,password){
return $http.put(singularUrlBase, {login:login,pass:password});
},
login: function(userData) {
SessionService.firstName = userData.firstName;
SessionService.lastName = userData.lastName;
SessionService.userRole = userData.role;
SessionService.staffID = userData.id;
SessionService.logged = true;
},
isLoggedIn: function() {
return SessionService.logged;
},
getRole: function(){
return SessionService.userRole;
},
validateRole: function(roles) {
if(SessionService.userRole === null){
return false;
}
return SessionService.userRole ? _.contains(roles, SessionService.userRole) : false;
},
homePage: "/leads"
};
};
then, in my routes definition, I define the roles this way :
when('/adminReasons', {
title: "Reasons Admin",
templateUrl: 'partials/admin/reasons.html',
controller: "adminReasons",
roles: ["superadmin", "admin"]
}).
This will check on every route change event in angularjs that the role assigned to user on login is the same as the one required in the route definition :
$rootScope.$on('$routeChangeStart', function(event, next, current) {
$rootScope.$broadcast("routeChanged", next);
if (typeof next.$$route.roles !== "undefined") {
if (AuthenticationService.validateRole(next.$$route.roles) === false) {
$location.path('/login');
}
}
else {
$location.path('/login');
}
});
This is possible to modify this logic to query every route change with a secure service to make it more secure.
from mean.
Related Issues (20)
- tion HOT 1
- Is MEAN.js still maintained? HOT 8
- missing apt package to install
- error when deploy to heroku
- Gulp tasks broken after upgrading to Gulp v4
- Travis CI fails on Windows build
- "npm install" fails on macOS mojave HOT 1
- npm install fails with "error: ‘class v8::Object’ has no member named ‘ForceSet’" on node-sass with node v10.15.1 HOT 5
- How is the Authentication process working in the meanjs? Where does the process flow starts when a website is loaded which file gets loaded and what are the files that are called in an orderly manner while checking authenicaton?
- Any free server available for deploy small mean stack application.
- Is MEAN.JS planning to upgrade framework with Angular2+ if yes then when it could be done if not then what about AngularJS abandaon thing?
- npm install error according the mean's doc! HOT 1
- How to connect two different databases from mongoose for the same project HOT 2
- Improving speed of MEAN Stack application HOT 1
- RPi4 ubuntu-standard default installation permission issue HOT 1
- Getting started guide using mac doesn't work HOT 2
- Getting errors on npm install and npm start on Windows HOT 5
- meanjs stack failled submit form
- meanjs stack failled submit HOT 7
- Question about Future HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mean.