JayChase / Angular.Net.SecureStarter

An AngularJS starter kit for ASP.NET which implements authentication and authorization with ASP.NET Identity 2.0.0.
MIT License

guardSvc.authorized ignores the required role #3

Open wmlockhart opened 9 years ago

wmlockhart commented 9 years ago

Thank you for such an excellent resource.

The guardSvc.authorized function in features.html:

This paragraph will only show if you are currently signed in and the user is in the administrator role.

works for user authentication but doesn't check for authorisation (it appears to ignore the required role).

Would you please recommend how I could fix this issue. Thanks.

I would like to display a link in the horizontal navigation only when a user is authenticated and is authorised as a 'user' and a different link when a user is authorised as an Administrator. Would you please advise on how I could achieve this. Thanks again.

I added the resolve:

    resolve: {
        guard: ['guardSvc', function (guardSvc) {
            return guardSvc.guardRoute(['administrator']);
        }]
    },

to the route. This secures the route from anonymous / non-authenticated users as expected but doesn't check for authorisation (as previous). When we fix the previous issue then I expect this will also work.

But I still can't figure out how I show / hide the link?

Thanks in advance.

Kind Regards

Walter

JayChase commented 9 years ago

Hi. There are a couple of issues around the guardSvc which someone pointed out to me a while ago. It looks like they are causing you problems as well. I'll get them fixed and in a new nuget release (1.2.2) over the next couple of days. In the longer term there is a new major release coming soon which will improve the way role based content is handled. I should have really created a directive for this rather than have calls to the service directly from the view. J.

wmlockhart commented 9 years ago

Hi Jay

Thank you for your quick response. I look forward to the fix and the upcoming major release.

Your work is the most detailed real world example I have discovered in this area. Thank you for sharing your work.

Once you release the fix I think I can pretty much use the starter as-is. However, the major release sounds great and maybe I should hold off until that is available - do you have any estimate on when that will be available?

Thanks again for sharing.

I look forward to hearing from you soon.

Kind Regards

Walter

jhopper28 commented 9 years ago

Hi Jay - Great starter project! I'm having the same issue as Walter. Do you happen to have a timeframe for either the 1.2.2 fix or the major release? I'm very interested.

Thanks, Jeff

JayChase commented 9 years ago

Hi both. The nuget package 1.2.2 is available now (the source here on GitHub isn't updated yet). The role checking should be working.

Also when configuring routes you can add a property showForRoles to a route and set it to an array of the required roles. The navbar link will only show if the current user is in one or more of the roles.

For example:

    $routeProvider.when('/features', {
        templateUrl: 'app/content/features/features.html',
        controller: 'featuresCtrl',
        caseInsensitiveMatch: true,
        showForRoles: ['administrator'],
        showNav: 'features'
    });

I would keep on using v1.x for now. I will get the next release up as a beta over the next few weeks but I think it will take some time to iron out all the bugs and get things to a decent level.

Let me know if everything is working ok. J.
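The symptom reported in this issue next to a role-aware check and a navbar filter driven by `showForRoles`, as an added example that is not code from Angular.Net.SecureStarter. The user object shape, the case-insensitive role comparison, the function names and the treatment of routes without `showForRoles` as public are all assumptions.

```javascript
// Added example; not the project's guardSvc implementation.
// Assumed user shape: { authenticated: boolean, roles: string[] } or null.

// Symptom from the issue title: any signed-in user passes because the
// required roles are never consulted.
function authorizedIgnoringRoles(user, requiredRoles) {
  return Boolean(user && user.authenticated);
}

// Role-aware check: signed in AND in at least one of the required roles.
// A missing or empty role list means "any signed-in user" (assumption).
function authorized(user, requiredRoles) {
  if (!user || !user.authenticated) return false;
  if (!Array.isArray(requiredRoles) || requiredRoles.length === 0) return true;
  // Case-insensitive comparison is an assumption of this example.
  const held = new Set((user.roles || []).map((r) => String(r).toLowerCase()));
  return requiredRoles.some((r) => held.has(String(r).toLowerCase()));
}

// Navbar filter using the showNav / showForRoles route properties.
// Routes without showForRoles are treated as public links (assumption).
function visibleNavLinks(routes, user) {
  return Object.keys(routes)
    .filter((path) => routes[path].showNav)
    .filter((path) => {
      const roles = routes[path].showForRoles;
      return roles === undefined || authorized(user, roles);
    })
    .map((path) => routes[path].showNav);
}

// Constructed sample routes and users.
const sampleRoutes = {
  '/home': { showNav: 'home' },
  '/features': { showNav: 'features', showForRoles: ['administrator'] },
  '/profile': { showNav: 'profile', showForRoles: ['user', 'administrator'] },
  '/callback': {} // no showNav, so never listed
};
const anonymous = null;
const walter = { authenticated: true, roles: ['user'] };
const admin = { authenticated: true, roles: ['Administrator'] };

console.log(visibleNavLinks(sampleRoutes, anonymous));
console.log(visibleNavLinks(sampleRoutes, walter));
console.log(visibleNavLinks(sampleRoutes, admin));
```

Hiding a link or guarding a client route only controls what the SPA renders; the Web API endpoints behind it still need their own role check on the server.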

wmlockhart commented 9 years ago

Thank you Jonathan for this quick response and resolution. I will take a look over the weekend and let you know how it goes. Kind Regards. W.

jhopper28 commented 9 years ago

Thanks, Jay. Just wanted to confirm something I'm seeing, though. I originally started with the github code base, not the nuget package. I was going to attempt to manually merge the differences from the 1.2.2 nuget package, but that appears a bit daunting from the differences I'm seeing. Maybe I'm not seeing things properly, but it looks like these are almost 2 disparate code bases. For example, files and code elements are named Ctrl/Svc in the nuget version, but Controller/Service on github; the vm. syntax is used on github, but not nuget; some files seem to have been combined/renamed/merged. Maybe I just need new glasses? :)

JayChase commented 9 years ago

You are right, the nuget version and latest source on here aren't in sync. I created a branch that matches the nuget code (https://github.com/Useful-Software-Solutions-Ltd/Angular.Net.SecureStarter/tree/current-version). The master branch gets updated but I only package it and release it once it is all tested and working.

wmlockhart commented 9 years ago

Thank you Jonathan. I've downloaded the 'current-version' branch and everything appears to be working just fine. This is definitely the best secure starter kit for AngularJS and Web API that I've seen - and I've looked at quite a few that claim to do what yours does so elegantly. Have you a timeline for further features and enhancements? Also, what steps would I need to take to separate the AngularJS and Web Api code into separate projects? Thanks again. Kind Regards. Walter.

dotnetrules commented 9 years ago

Great work Jay! I too have searched around and tried various security solutions for Angular. Like Walter I too would like to separate this out into projects, one for just the Angular app (empty web project with angular, no Asp.Net MVC etc) and another just to handle WebAPI (plus others for data, uow and repo etc). Part of the reason being (at some stage soon) UI/UX devs will also use OSX for just the Angular side of things and so being able to separate this out now is a good step towards this goal. Will take a shot and see how it goes. Cheers Paul.

wmlockhart commented 9 years ago

Paul, those are my thoughts precisely. Paul, if you get a chance to separate into separate projects would you kindly share here in a separate branch please? Regards. Walter.

dotnetrules commented 9 years ago

Walter, no worries....I'll get started on it this week and will keep you all updated. Cheers Paul.

wmlockhart commented 9 years ago

Thank you Paul.

JayChase commented 9 years ago

Hi All. I like the sound of separating things out too. I have been looking at doing this in terms of the nuget packages. The idea would be to have separate packages for the spa, security module and the server side of things. I've also got a requirement for having the spa securely wrapped in an MVC project (so you can't load it unless authenticated) but still with user management in the app and to support third party auth servers. It's slow work but I will keep checking in code if it is helpful for anyone.

wmlockhart commented 9 years ago

That would be very helpful Jonathan. Thanks.

dotnetrules commented 9 years ago

Hi Jay, Walter and all. Sorry it's taken so long to respond, I got busy and forgot to get back to this thread. A few days after my last post I managed to break the project out as previously discussed and it's working well. It's based on the master-branch and I added a new blank web project to the solution which is all pure html and angular (no .net dependencies etc). As a test I also packaged it up as a hybrid iOS and Android app using cordova/phonegap/ionic and had good success, needs a few tweaks though.

I'm going to be free from Monday for 1 to 2 weeks and I would like to throw myself into this and get the other features of the branch hooked up and working, and I should also get time to get Jay's latest request for a MVC project completed too, provided of course if this is ok with Jay. I'll be bored in hospital so no better time to pass the time away without all the normal work distractions and do something exciting I love.... Angular and this template :-D.

If anyone has any other thoughts please let me know. Also I tried to create another branch but it kept failing, so Jay I wonder if you would like to set this up and I'll push what I've done over to the branch you create.

Many thanks Paul.

wmlockhart commented 9 years ago

Hi Paul,

Excellent.

Thank you so much.

I would also be interested to learn how you packaged it up as a hybrid iOS and Android app using Cordova / Phonegap / Ionic.

I can't wait to see your work.

I hope your hospital visit goes well.

Speak soon.

Kind Regards

Walter