search
HomeWeb Front-endJS TutorialHow to set page access permissions in Angularjs

How to set page access permissions in Angularjs

高洛峰
高洛峰
Dec 07, 2016 am 10:46 AM
angularjs

 In previous projects, the common way of cooperation between the front and back ends is that the front end provides the page and UI with a little DuangDuangDuang effect, and the back end builds the framework data structure and data interaction (data interaction has intersection between the front and back ends), whether it is .net, java or PHP can provide one-to-many front-end services. However, in the new form, the front-end framework is used in the project, and the development situation is different. For example, what I want to say is that this development is completed under the angular framework, and the mode is provided by the back-end. Service and API documents, page and data interaction and logical processing are completed by the front end. The front end is like a complete programmer. In this process, you will encounter previously unexpected problems (if you have not done back-end development), such as page permission control. I have to say that it is more complicated to use the front-end method to make these settings, because this data, that is, the 'marking' of these permissions, can be obtained directly when the back-end is running, that is, just click to obtain field data a.b. came out, but the front-end can only obtain it through http requests, which is cumbersome and cumbersome;

In fact, there are many ways to obtain page access rights in ng, each with its own pros and cons. The most commonly used one is the interceptor, which makes the front-end Do some operations before or after sending an http request to the backend, such as globally monitoring whether the user is logged in, the login page that will be redirected if not logged in, and the page can be accessed after logging in; the use of interceptors is often combined with background data, that is, obtaining the latest 'mark' to determine what operations should be done on this page or the next page; and here I use a front-end control method without data interaction. The idea is to define the pages that can be accessed at different levels/stages. Interception is done at the routing point. If access permissions at different levels/stages are clearly defined, you can refer to this method. The code is as follows: 

......
app.run(['$rootScope', '$state', '$window', function($rootScope, $state, $window) {
$rootScope.$on('$stateChangeStart', function(event, toState, toStateParams) {
//用户访问等级阶段, 0 1 2
Array.prototype.contains = function(needle) {
for(i in this) {
if(this[i] == needle) return true;
}
return false;
}
var status=new Array("user.a","user.b","user.c","user.d","user.e","user.f","user.g");
var status0=new Array("user.a","user.b");
var status1=new Array("user.c","user.d");
var status2=new Array("user.a","user.b","user.c","user.d");
     if (status.contains(toState.name)) {
       if(initObj.getStatus()=="0"){
if(!status0.contains(toState.name)){
event.preventDefault();
$state.go('user.approve');
}
return;
}
if(initObj.getStatus()=="1"){
if(!status1.contains(toState.name)){
event.preventDefault();
$state.go('user.result');
}
return;
}
if(initObj.getStatus()=="2"){
if(!status2.contains(toState.name)){
event.preventDefault();
$state.go('user.result');
}
return;
}
}
})
}])
......

As shown in the code, add state monitoring to the run of ng (I am here Using an-route-ui), detection is performed when a route jump is detected. The accessible 'marked' status array envisaged here contains accessible pages/routes at each level/stage, for example, the status is The complete set that needs to be detected, status0, 1 and 2 are the permission access sets of different levels/stages, that is, the hash value of the route jump in ng, which also represents the accessible pages. Using this detection method, there is no Users with access rights cannot access certain pages. For example, the hierarchical stage configuration of user a is status1, including user.c and user.d. initObj.getStatus() returns his status code of 1. When he wants to access user .a page, it will enter the judgment of initObj.getStatus()=="1", but its configuration accessible page does not include user.a, that is!status1.contains(toState.name)(toState.name Return to the page you want to jump to (return to user.a here), then enter the following operation, enter the public page or prompt page, the principle is basically like this;

Of course, this method is very different from the back-end control. It is safe but not rigorous, because even if the script in the project is released, compressed and obfuscated, you can still find traces of the settings here if you browse carefully, and the script is editable before running, which will cause a big vulnerability; however It is enough to use these configurations in some small projects, and even if someone modifies the status configuration, the data and other things are requested from the backend. If the status is incorrect, the data cannot be requested, so it is really dark to compromise the database. The front-end script interception is just for fun and testing;

Continue to explore other optimization methods. If there are experts who have better methods, you can share them; let’s stop here first.


Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Related Article
Behind the Scenes: What Language Powers JavaScript?Behind the Scenes: What Language Powers JavaScript?Apr 28, 2025 am 12:01 AM

JavaScript runs in browsers and Node.js environments and relies on the JavaScript engine to parse and execute code. 1) Generate abstract syntax tree (AST) in the parsing stage; 2) convert AST into bytecode or machine code in the compilation stage; 3) execute the compiled code in the execution stage.

The Future of Python and JavaScript: Trends and PredictionsThe Future of Python and JavaScript: Trends and PredictionsApr 27, 2025 am 12:21 AM

The future trends of Python and JavaScript include: 1. Python will consolidate its position in the fields of scientific computing and AI, 2. JavaScript will promote the development of web technology, 3. Cross-platform development will become a hot topic, and 4. Performance optimization will be the focus. Both will continue to expand application scenarios in their respective fields and make more breakthroughs in performance.

Python vs. JavaScript: Development Environments and ToolsPython vs. JavaScript: Development Environments and ToolsApr 26, 2025 am 12:09 AM

Both Python and JavaScript's choices in development environments are important. 1) Python's development environment includes PyCharm, JupyterNotebook and Anaconda, which are suitable for data science and rapid prototyping. 2) The development environment of JavaScript includes Node.js, VSCode and Webpack, which are suitable for front-end and back-end development. Choosing the right tools according to project needs can improve development efficiency and project success rate.

Is JavaScript Written in C? Examining the EvidenceIs JavaScript Written in C? Examining the EvidenceApr 25, 2025 am 12:15 AM

Yes, the engine core of JavaScript is written in C. 1) The C language provides efficient performance and underlying control, which is suitable for the development of JavaScript engine. 2) Taking the V8 engine as an example, its core is written in C, combining the efficiency and object-oriented characteristics of C. 3) The working principle of the JavaScript engine includes parsing, compiling and execution, and the C language plays a key role in these processes.

JavaScript's Role: Making the Web Interactive and DynamicJavaScript's Role: Making the Web Interactive and DynamicApr 24, 2025 am 12:12 AM

JavaScript is at the heart of modern websites because it enhances the interactivity and dynamicity of web pages. 1) It allows to change content without refreshing the page, 2) manipulate web pages through DOMAPI, 3) support complex interactive effects such as animation and drag-and-drop, 4) optimize performance and best practices to improve user experience.

C and JavaScript: The Connection ExplainedC and JavaScript: The Connection ExplainedApr 23, 2025 am 12:07 AM

C and JavaScript achieve interoperability through WebAssembly. 1) C code is compiled into WebAssembly module and introduced into JavaScript environment to enhance computing power. 2) In game development, C handles physics engines and graphics rendering, and JavaScript is responsible for game logic and user interface.

From Websites to Apps: The Diverse Applications of JavaScriptFrom Websites to Apps: The Diverse Applications of JavaScriptApr 22, 2025 am 12:02 AM

JavaScript is widely used in websites, mobile applications, desktop applications and server-side programming. 1) In website development, JavaScript operates DOM together with HTML and CSS to achieve dynamic effects and supports frameworks such as jQuery and React. 2) Through ReactNative and Ionic, JavaScript is used to develop cross-platform mobile applications. 3) The Electron framework enables JavaScript to build desktop applications. 4) Node.js allows JavaScript to run on the server side and supports high concurrent requests.

Python vs. JavaScript: Use Cases and Applications ComparedPython vs. JavaScript: Use Cases and Applications ComparedApr 21, 2025 am 12:01 AM

Python is more suitable for data science and automation, while JavaScript is more suitable for front-end and full-stack development. 1. Python performs well in data science and machine learning, using libraries such as NumPy and Pandas for data processing and modeling. 2. Python is concise and efficient in automation and scripting. 3. JavaScript is indispensable in front-end development and is used to build dynamic web pages and single-page applications. 4. JavaScript plays a role in back-end development through Node.js and supports full-stack development.

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution
1 months agoByDDD
What's New in Windows 11 KB5054979 & How to Fix Update Issues
3 weeks agoByDDD
Where to find the Crane Control Keycard in Atomfall
1 months agoByDDD
How to fix KB5055523 fails to install in Windows 11?
2 weeks agoByDDD
InZoi: How To Apply To School And University
3 weeks agoByDDD
Show More

Hot Tools

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Atom editor mac version download

Atom editor mac version download

The most popular open source editor

Show More

Hot Topics

Where is the login entrance for gmail email?
7797
15
Java Tutorial
1644
14
CakePHP Tutorial
1402
52
Laravel Tutorial
1299
25
PHP Tutorial
1234
29
Show More