Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Role Based Permissions #875

Closed
thehereward opened this issue Jan 4, 2016 · 4 comments
Closed

Role Based Permissions #875

thehereward opened this issue Jan 4, 2016 · 4 comments

Comments

@thehereward
Copy link

We are using ng-admin in a situation where different admins are only allowed to administer different entities. For example some admins can only administer teapots whilst other admins can only administer toasters. (A third type of super admin can administer both teapots and toasters and set the roles of other admins.)

We already have out application set up with authentication. Authorization is looking a little more challenging. I suspect we have two options:

  1. Write custom bootstrapping for angular
    • This would let us load our login code before configuring ng-admin and then configure ng-admin only with the entities the user has permission to administer. This seems like it should work but will almost certainly be rather unpleasant.
  2. Write custom menus and dashboards to hide forbidden entities
    • Combined with security on our API of course.

I suspect we will be going for option 2 but I thought I would raise this in case:

  1. Anyone has any bright ideas of easier ways to achieve this.
  2. It helps anyone else with a similar problem in future.

Thanks 😄
@fzaninotto
Copy link
Member

There was a proposal done on the demo quite a while ago: marmelab/ng-admin-demo#8

My opinion is that it's outside of ng-admin's scope to deal with roles and permissions. It shouldn't be too hard to plug your own logic in, though.

@beatelite
Copy link

@thehereward . Did you ever get this sorted? What did you end up doing? I'm working out the same issues right now.

@thehereward
Copy link
Author

We ended up loading the currently logged in user as a constant before bootstrapping the application. After a successful login/logout we then restarted the entire application, so running the bootstrap again with an entirely new user.

This isn't particularly pleasing but it does work.

A (stripped down and anonymised) version of our bootstrap:

var app = angular.module('application-name', ['ng-admin']);

function loadInfoNeededBeforeBootstrap() {
    var initInjector = angular.injector(["ng"]);
    var $http = initInjector.get("$http");

    return $http.get("/api/pre_bootstrap").then(function (response) {
        app.constant("userInfo", response.data.userInfo);
    }, function (errorResponse) {
        app.constant("userInfo", {});
    });
}

function bootstrapApplication() {
    angular.element(document).ready(function () {
        angular.bootstrap(document, ["application-name"]);
    });
}

loadInfoNeededBeforeBootstrap().then(bootstrapApplication);

@fzaninotto fzaninotto mentioned this issue May 17, 2016
Closed
@shershen08
Copy link

this works in principle but first gives error like
Failed to instantiate module app due to: Error: [$injector:unpr] Unknown provider: userInfo

@pvanderlinden pvanderlinden mentioned this issue Dec 12, 2016
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fzaninotto @shershen08 @beatelite @thehereward