堆栈内存溢出
  简体   繁体   English

我如何设置身份验证保护以仅允许管理员使用管理仪表板(ngx-admin)?

[英]How can i setup auth guard to only allow admins to use the admin dashboard(ngx-admin)?

 原文  2019-05-02 11:36:05       html/ angular/ ngx-admin

问题描述

I have a list of users in MySql, Each one has role column that is either ADMIN or USER.我在 MySql 中有一个用户列表,每个用户都有 ADMIN 或 USER 的角色列。 I have setup auth guard to only allow a registered user to use the ngx-admin but I want to take a step further and only allow the admin to enter.我已经设置了身份验证保护,只允许注册用户使用 ngx-admin,但我想更进一步,只允许管理员进入。 How can i do that?我怎样才能做到这一点?

1 个解决方案

解决方案1
 1 已采纳  2019-05-02 12:04:43

On Authorization.关于授权。 You have to send an Unauthorized API Response when the Role is not Admin.当角色不是管理员时,您必须发送未经授权的 API 响应。

Then you need an interceptor which will logout the user when unauthorize response is received.然后你需要一个拦截器,它会在收到未经授权的响应时注销用户。 or maybe return him to a new unauthorized page.或者让他返回一个新的未经授权的页面。 whatever is preferred.无论是首选。

I have no knowledge of spring.我对春天一无所知。 But in angular you can modify the interceptor like this.但是在 angular 中,您可以像这样修改拦截器。

@Injectable()
export class HttpConfigInterceptor implements HttpInterceptor {
    constructor(private authenticationService: AuthenticationService) { }
    intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {

        request = request.clone({ url: `${request.url}` });

        // Sample how authorization headers are being assigned
        let currentUser = this.authService.currentUserValue;

        if (currentUser && currentUser.Token) {
            request = request.clone({
                setHeaders: {
                    Authorization: `Bearer ${currentUser.Token}`
                }
            });
        }
        ////

        return next.handle(request).pipe(
            map((event: HttpEvent<any>) => {
                if (event instanceof HttpResponse) {
                }
                return event;
            }),
            catchError((error: HttpErrorResponse) => {
             //Here you can catch errors in the request.

                if (error.status === 401) { <- 401 is UnAuthorized . if Status is 401
                    // auto logout if 401 response returned from api - Unauthorized
                    this.authService.logout();
                    location.reload(true);
                   //Redirecting is left to the AuthGuard. it will auto redirect on reload
                }
               //this is if any other error occurs.
                let data = {};
                data = {
                    reason: error && error.error.reason ? error.error.reason : '',
                    status: error.status
                };
                return throwError(error);
            }));
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何仅允许管理员使用 laravel 删除/编辑用户信息? - How do I allow only admin to be able to delete/edit users informations using laravel? 如何允许管理员在其网站的后端上编辑数据库表? - How can I allow admins to edit a db table on their site's backend? 在视图中链接到管理仪表板 - Link to Admin Dashboard in View 如何将管理员和用户重定向到他们的页面? - How can I redirect admin and user to their pages? 如何与管理员和用户一起查看? - How can I make a view with an admin and user? 如何在Django Admin中允许HTMLField并将其反映在模板上? - How allow HTMLField in Django Admin and reflect that on the template? 当非管理员用户在管理面板中登录时,如何隐藏一些导航栏页面? - How can I hide some navbar pages when a non-admin user is logged-in in the admin panel? 我如何将管理员和员工的页面链接到单独的页面 - how can i link a page for admin and staff with separate pages 我如何以管理员身份配置自定义闪电记录表单中的字段? - How can I configure fields in a custom lightning record form as an admin? 如何访问django-admin页面并进行扩展? - How can I access the django-admin page and extend it?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM