Comments (10)
Hi Rob! Sorry my reply is so late.
This seems like unintended behavior, so I'll take a look at it this weekend. Thanks for reporting :)
from angular-client-side-auth.
Hi - I noticed the same behavior; the order of declaring roles in access levels is important. This is because the buildAccessLevels function defined in routingConfig is (incorrectly) taking the last role declared when setting up the "title" attributes. What's more important, because the Auth.isLoggedIn() method is making decisions based on title comparisons, it is allowing users with the "user" access level to enter resources as if they had the "admin" role (at least in the original code that resides in the repo, at the time of writing this). Nevertheless, great job coming up with the concept for client-side auth. Cheers.
from angular-client-side-auth.
Thanks for the detailed analysis! I've been busy working on the ui-router migration lately, but since this seems like a really serious bug I'll get on this right away.
from angular-client-side-auth.
Thanks Frederick! One question, in my app I now have the following roles:
roles: [
    'public',
    'user',
    'userpro',
    'users',
    'admin'
]
... and access levels:
accessLevels: {
    'public': '*',
    'anon': ['public'],
    'user': ['user'],
    'userpro': ['userpro'],
    'users': ['user', 'userpro', 'admin'],
    'admin': ['admin']
}
As you can see, the title for one of my access levels is users which is not actually a role. So will your fix return the key for the title as opposed to one of the roles as it currently does? (hope this makes sense).
Cheers, Rob
from angular-client-side-auth.
Yes, that was my initial thought. However, upon closer inspection I think I might delete the title property completely from the accessLevels object. The "title" property mprzydatek mentioned (the one used in the "isLoggedIn" function of the Auth service) is actually not from the accessLevels object but from the userRoles object. The title property of the userRoles object is set correctly, so it seems we don't have a bug here after all. So the "title" property of the accessLevels object was added as a mistake as there is no use for it in any of the other services or directives. I will push out a new commit removing title from the generated accessLevels in a few minutes. That is unless you guys see a good use for it in your own applications.
Oh, and so sorry for neglecting this issue for so long Rob. It flew off my radar since I was busy with other things, so I'm very sorry it took so long.
from angular-client-side-auth.
Hah, you're right - I checked my code and I only use role.title in my app! So I have no objections to removing the Access Level title property (unless someone else is using it). And no worries about the delay, it hasn't held me up a bit - just noticed it in passing :)
BTW - this repo is proving very useful for me - have integrated with Hapi.js and using Stormpath for user account management. Your cookie on load to set the user role is inspired!
from angular-client-side-auth.
Happy to hear that :) Let me know if/when your project is up and publicly available!
from angular-client-side-auth.
Role title is still being used in the Auth service (isLoggedIn function).
from angular-client-side-auth.
Yes, but the title property used is that of the userRoles object, not the accessLevels object. The titles are calculated correctly for the userRoles object, so this is not a problem. The original problem here was that for some reason accessLevels also received a title property (which was calculated incorrectly) when there is no tangible use for a title property on the accessLevels object. This is the title property that was removed in the commit I mentioned.
from angular-client-side-auth.
OK, got it. Thanks Frederik. Take care.
from angular-client-side-auth.
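The distinction discussed in this thread, as an added example that is not the project's routingConfig and not written by any commenter: roles get one bit each, an access level is the OR of its roles' bits, and a title copied onto an access level ends up naming whichever role was listed last. The function names and the `withTitle` switch are assumptions made for illustration; the roles and accessLevels values are the ones Rob posted.

```javascript
// Added illustration; only the config values below come from the thread.
const config = {
  roles: ['public', 'user', 'userpro', 'users', 'admin'],
  accessLevels: {
    public: '*',
    anon: ['public'],
    user: ['user'],
    userpro: ['userpro'],
    users: ['user', 'userpro', 'admin'],
    admin: ['admin'],
  },
};

// One bit per role; a role's title is simply its own name.
function buildRoles(roles) {
  const userRoles = {};
  roles.forEach((title, i) => { userRoles[title] = { bitMask: 1 << i, title }; });
  return userRoles;
}

// Access level = OR of its roles' bits. withTitle=true models the behaviour
// reported in the thread: the title is overwritten by each role in turn,
// so it ends up as the last role listed for that level.
function buildAccessLevels(levels, userRoles, withTitle) {
  const out = {};
  for (const [name, spec] of Object.entries(levels)) {
    const names = spec === '*' ? Object.keys(userRoles) : spec;
    let bitMask = 0;
    let title;
    for (const r of names) { bitMask |= userRoles[r].bitMask; title = r; }
    out[name] = withTitle ? { bitMask, title } : { bitMask };
  }
  return out;
}

// Authorization compares bits only, so declaration order cannot affect it.
function authorize(accessLevel, role) {
  return (accessLevel.bitMask & role.bitMask) !== 0;
}

const userRoles = buildRoles(config.roles);
const titledLevels = buildAccessLevels(config.accessLevels, userRoles, true);
const accessLevels = buildAccessLevels(config.accessLevels, userRoles, false);

console.log('title on "users" level:', titledLevels.users.title);
console.log('user may enter admin:', authorize(accessLevels.admin, userRoles.user));
```

Whatever the client decides here only controls what the UI shows; the server still has to enforce the same role check on every request.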