Closed RonAlmog closed 8 years ago
lol if ng-show
is given a false
, it definitely shouldn't be ng-show
ing! One question, what does you userRoles
array look like?
server\config\environment\shared.js:
'use strict'; exports = module.exports = { // List of user roles userRoles: ['guest', 'user', 'admin', 'teacher', 'student'] };
Okay, you'll probably want it to be more like ['guest', 'user', 'student', 'teacher', 'admin']
. The order here matters for permissions (https://github.com/angular-fullstack/generator-angular-fullstack/blob/master/templates/app/client/components/auth(auth)/auth.service.js#L145)
Wow, that did the trick! so the roles must be ordered from low to high, and whenever you check for a role, the answer will be true if the user is in higher role. for example: if i'm checking for 'teacher', all admins will be there, too. i need to think if that's good or bad. but for now, you have just solved my problem. thank you so much!
Of course it's not the best plan for everything, but the idea is that it achieves a lot of what you could want from a very simple architecture.
Auth problem: every user that i assign a role, can see the admin menu. the line is the original from the generator:
the users are created by seed. look at these 3 users:
admin has a role of admin. testuser has no role. johnsmith has a role of teacher.
admin and johnsmith can see the admin menu. testuser cannot. the problem is with johnsmith. he is not admin, and definitely should not see the admin menu...
to add to the confusion: i have checked (when logged as johnsmith) in the navbar controller the value of
this.isAdmin()
isfalse
! so if it's false... how come the admin menu is visible? any idea?