Closed jack-kerouac closed 10 years ago
Looks awesome, thanks! But there seem to be a bug with transitioning to the default route after login, at least in my tests. I will take a look at this. Also, is there any specific reason why you do a reload()
at reset()
and loadUser()
, instead of wrapping the new logic in a function?
Again, thanks!
The bug seem to be related to the reload()
, because after login, it just reloads the state/route. A solution would be to always redirect to the default route if the login route is accessed when logged in.
You are right. I replaced the reloading of the route/state by a re-check of access rights. See the latest change.
Considering the transition to the default route after login: I removed it which might have been a bad idea since it changes the default behavior. The reason I did this is that I think this behavior is to rigid: If the login form is just a popup, not a state, I do not want a state change happening after login. Also, if a user accesses a state for which he needs to log in, there should be no redirect to the default route afterwards, but to the state the user tried to access. So in this case, the transition to the default route is not required as well. In general, I think that there should be no state transitions in the library at all.
IMHO, state transitions in reaction to login/logout should be implemented through listeners to the user.login and user.logout event.
So what to do? Risk an incompatible behavior (remove transitioning to the default route), or readd it?
Sorry for the delay.
Yes you are right, there might be a lot of different use cases, but it would break all the existing apps that are using this library. So my suggestion is maybe to have transitions as default, and if it is overridden then they won't happen.
So if the listeners are used, no transitions are made, else they are as default. What do you think of that?
I will merge this and then fix the last fixes on the main branch.
I added an authenticationSuccessHandler
that gets invoked after a successful login. If this function returns true
(default) it will automatically redirect to the default route.
Please let me know what you think, and help me test it before I release a new version.
Thanks! This module is getting pretty awesome ;)
Hi.
Now I am sorry for the delay. The solution looks good! I tried it and it works for me.
But why is the transition made based on the return value of the authenticationSuccessHandler
and not just by the default handler?
I'm sorry for the delay as well ;)
I just made it that way to keep it easy for the user. If someone would like to override the authenticationSuccessHandler
they could do that and still keep the default behavior if wanted. What do you think of that design?
Thanks!
I think your point is valid but I would have preferred the
authenticationSuccessHandler
to transition the state. This way, it would
be the same behavior as with the other handlers I introduced.
On Tue, May 13, 2014 at 11:36 PM, Timothy E. Johansson < notifications@github.com> wrote:
I'm sorry for the delay as well ;)
I just made it that way to keep it easy for the user. If someone would like to override the authenticationSuccessHandler they could do that and still keep the default behavior if wanted. What do you think of that design?
Thanks!
— Reply to this email directly or view it on GitHubhttps://github.com/userapp-io/userapp-angular/pull/3#issuecomment-43016379 .
Yes, you are right, it should be consistent. I will have an extra look at this tomorrow.
Btw, I've made some changes to the input parameters to the handlers which could break your existing code. Could you try the latest version before I publish it? You can see the changes here: https://github.com/userapp-io/userapp-angular/commit/db7b5d13a444efb759810fd9ec169ca21df6e207
Thanks!
Hi again,
I've changed the default behavior of authenticationSuccessHandler
to do the transition, as you suggested. It's more consistent that way.
Timothy
By introducing an
authorizationRequiredHandler
and anaccessDeniedHandler
, reaction to these two types of access control violations is more flexible.authCheck
complementshasPermission
by a more flexible mechanism for access-checking of routes/states. I cleaned up some other route/state transitions when logging in/out.As a result, the login form could now be displayed in a popup (no dedicated login state required anymore), as well as a notification about access denial. Logging in and out does not necessarily change the route/state anymore (if access rights allow that) but just reload the current state.
What do you think?