
How To Implement A Role Based Access Control With Angularfire

My understanding is that I need to undertake the following steps: Make the users' roles read-only Use security rules on the data which access the roles to control access Check for

Solution 1:

Here's how I did it.

First I made a factory to check if the user has the correct rights:

angular.module('rights.services', [])
.factory('Rights', function ($q) {
    var ref = firebase.database().ref();

    return {
        hasAdminAccess: function (user) {
            var deferred = $q.defer();
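            ref.child("Rights").child("Admin").child(user.uid).once('value').then(function (snapshot) {
                if (snapshot.val()) {
                    deferred.resolve(true);
                }
                else {
                    deferred.reject("NO_ADMIN_ACCESS");
                }
            }, function () {
                // A denied or failed read also counts as no access, so the route resolve does not hang
                deferred.reject("NO_ADMIN_ACCESS");
            });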
            return deferred.promise;
        }
    };
});

And secondly I use this factory inside the resolve:

.state('logged', {
    url: '',
    abstract: true,
    templateUrl: helper.basepath('app.html'),
    resolve: {
        // YOUR RESOLVES GO HERE
        // controller will not be loaded until $requireSignIn resolves
        // Auth refers to our $firebaseAuth wrapper in the example above
        "currentAuth": ["Auth", function (Auth) {
            // $requireSignIn returns a promise so the resolve waits for it to complete
            // If the promise is rejected, it will throw a $stateChangeError (see above)
            return Auth.refAuth().$requireSignIn();
        }],
        "waitForAuth": ["Auth", function (Auth) {
            // $waitForSignIn returns a promise so the resolve waits for it to complete
            return Auth.refAuth().$waitForSignIn();
        }],
        // Here I check if a user has admin rights; note that I pass currentAuth and waitForAuth
        // to this function to make sure those are resolved before this function runs
        hasAdminAccess: function (currentAuth, waitForAuth, Rights) {
            return Rights.hasAdminAccess(currentAuth);
        }
    }
})

Keep in mind the way you save user roles in Firebase can be different from how I do it in this example. This is (part of) how it looks in Firebase:

{
  "moderators": {
    "0123eeca-ee0e-4ff1-9d13-43b8914999a9": true,
    "3ce9a153-eea8-498f-afad-ea2a92d79950": true,
    "571fa880-102d-4372-be8d-328ed9e7c9de": true
  },
  "Admins": {
    "d3d4effe-318a-43e1-a7b6-d7faf3f360eb": true
  }
}

And the security rules for these nodes:

"Admins": {
    "$uid": {
      // No write rule, so admins can only be added inside the Firebase console
      ".read": "auth != null && auth.uid == $uid"
    }
},
"Moderators": {
    // Admins are able to see who the moderators are and add/delete them
    ".read": "(auth != null) && (root.child('Admins').hasChild(auth.uid))",
    ".write": "(auth != null) && (root.child('Admins').hasChild(auth.uid))",
    "$uid": {
      ".read": "auth != null && auth.uid == $uid"
    }
}
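
The security rules are what enforce the roles on the server; the route resolve only decides what the client renders. As an added example (not part of the original answer, and a simplified model rather than Firebase's rule engine), the JavaScript below mirrors the rules above as predicates and applies the Realtime Database semantics of default deny and downward-cascading grants. The `allowed` helper and the short ids in `db` are constructed for illustration.

```javascript
// Added example: a simplified model of the rules above, not Firebase's rule engine.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const isAdmin = (auth, root) => auth !== null && has(root.Admins, auth.uid);
const isSelf = (auth, root, vars) => auth !== null && auth.uid === vars.$uid;

// The page's rules as predicates; "$uid" is the wildcard child.
const rules = {
  Admins: { $uid: { ".read": isSelf } }, // no ".write" rule at any level
  Moderators: { ".read": isAdmin, ".write": isAdmin, $uid: { ".read": isSelf } }
};

// Constructed sample data (hypothetical short ids in place of real uids).
const db = { Admins: { "admin-1": true }, Moderators: { "mod-1": true } };

// Walk from the root to the target. The first rule on the way that grants the
// operation wins (grants cascade to children); if none grants it, deny.
function allowed(op, path, auth) {
  let node = rules;
  const vars = {};
  for (const key of path.split("/")) {
    if (has(node, key)) {
      node = node[key];
    } else if (has(node, "$uid")) {
      vars.$uid = key;
      node = node.$uid;
    } else {
      return false; // no rule covers this path: default deny
    }
    if (typeof node[op] === "function" && node[op](auth, db, vars)) return true;
  }
  return false;
}

const admin = { uid: "admin-1" };
const mod = { uid: "mod-1" };
console.log(allowed(".write", "Admins/mod-1", mod));       // false: no self-promotion
console.log(allowed(".write", "Admins/mod-1", admin));     // false: console only
console.log(allowed(".write", "Moderators/new-1", admin)); // true: cascades from Moderators
console.log(allowed(".read", "Moderators", mod));          // false: cannot list moderators
console.log(allowed(".read", "Moderators/mod-1", mod));    // true: own flag only
```

Any path that none of the rules shown covers is denied in this model, so the node a client-side check reads has to be one the rules actually grant read access to.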
