How can I set up auth guard to only allow admins to use the admin dashboard (ngx-admin)?
I have a list of users in MySql. Each one has a role column that is either ADMIN or USER. I have set up auth guard to only allow a registered user to use the ngx-admin, but I want to take it a step further and only allow the admin to enter. How can I do that?
On Authorization. You have to send an Unauthorized API Response when the Role is not Admin.
Then you need an interceptor which will log out the user when an unauthorized response is received, or maybe return him to a new unauthorized page, whatever is preferred.
I have no knowledge of Spring. But in Angular you can modify the interceptor like this.
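import { Injectable } from '@angular/core';
import {
  HttpErrorResponse, HttpEvent, HttpHandler, HttpInterceptor, HttpRequest, HttpResponse
} from '@angular/common/http';
import { Observable, throwError } from 'rxjs';
import { catchError, map } from 'rxjs/operators';
// The import path is an assumption; point it at your own authentication service.
import { AuthenticationService } from './authentication.service';

@Injectable()
export class HttpConfigInterceptor implements HttpInterceptor {
  // The field name matches the this.authService calls below.
  constructor(private authService: AuthenticationService) { }

  intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
    request = request.clone({ url: `${request.url}` });

    // Sample of how authorization headers are being assigned
    const currentUser = this.authService.currentUserValue;
    if (currentUser && currentUser.Token) {
      request = request.clone({
        setHeaders: {
          Authorization: `Bearer ${currentUser.Token}`
        }
      });
    }

    return next.handle(request).pipe(
      map((event: HttpEvent<any>) => {
        if (event instanceof HttpResponse) {
          // Successful responses pass through unchanged.
        }
        return event;
      }),
      catchError((error: HttpErrorResponse) => {
        // Here you can catch errors in the request.
        if (error.status === 401) { // 401 is Unauthorized
          // Auto logout if a 401 response is returned from the API - Unauthorized
          this.authService.logout();
          location.reload();
          // Redirecting is left to the AuthGuard. It will auto redirect on reload.
        }
        // This is if any other error occurs.
        // error.error can be null (empty response body), so check it before reading reason.
        const data = {
          reason: error && error.error && error.error.reason ? error.error.reason : '',
          status: error.status
        };
        return throwError(error);
      }));
  }
}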
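The role check the question asks for, as an added example that is not part of the original answer: a framework-free function holding the decision an Angular `CanActivate` guard on the admin routes would return. It assumes `currentUser.Token` is a JWT whose payload carries `role` and `exp` claims; the function names, claim names and route paths are hypothetical.

```typescript
// Added example (not from the original post). Assumption: the token is a JWT whose
// payload has "role" ('ADMIN' | 'USER') and "exp" (seconds since the epoch).
type Decision = true | '/auth/login' | '/pages/forbidden'; // hypothetical route paths

interface Claims { role?: string; exp?: number; }

// Decode the payload WITHOUT verifying the signature: the browser cannot hold the
// signing key, so the result is only a navigation hint. The API must re-check the
// role on every admin request, as the answer above describes.
function readClaims(token: string): Claims | null {
  const parts = token.split('.');
  if (parts.length !== 3) { return null; }
  try {
    let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
    while (b64.length % 4 !== 0) { b64 += '='; }              // restore padding
    const claims = JSON.parse(atob(b64));
    return claims !== null && typeof claims === 'object' ? claims : null;
  } catch (e) {
    return null; // malformed base64 or JSON
  }
}

// true lets navigation proceed; a string is the path to redirect to
// (inside an Angular guard, return router.parseUrl(path) instead of the string).
function adminGuardDecision(token: string | null, nowMs: number = Date.now()): Decision {
  const claims = token ? readClaims(token) : null;
  if (!claims || typeof claims.exp !== 'number' || claims.exp * 1000 <= nowMs) {
    return '/auth/login'; // missing, malformed or expired token: fail closed
  }
  // Exact, case-sensitive match against the role value stored in the users table.
  return claims.role === 'ADMIN' ? true : '/pages/forbidden';
}

// Constructed sample tokens (placeholder signature) for trying the guard offline.
function sampleToken(claims: Claims): string {
  const enc = (o: object): string =>
    btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}
```

A user who edits the stored token can still reach the admin screens, but every API call behind them is refused by the server-side role check, which is what actually protects the data.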