Summary

The web content provides a tutorial on implementing role-based routing access in an Angular application using Angular Guard.

Abstract

The article titled "Angular Role-Based Routing Access with Angular Guard" by an unnamed author explains how to secure routes in an Angular 9 application based on user roles. The author illustrates this through a demo scenario with Admin and User roles, where each role has access to specific routes (/admin, /user, and /home). The tutorial covers the creation of an AuthService to manage user login status and roles, and the implementation of an AuthGuard to enforce role-based access control. The AuthGuard uses the CanActivate interface to check a user's login and role before activating a route. The Routing Module is configured with role information and the AuthGuard to protect routes. The author emphasizes the ease of implementing role-based protection and provides source code and a video demonstration for clarity.

Opinions

The author believes that role-based access control is essential for routing in Angular applications.
They suggest that using Angular Guard is a straightforward method for protecting routes.
The author values simplicity in implementation, as evidenced by the creation of a simple AuthService without JWT integration for the sake of the tutorial.
The author assumes that the reader has a basic understanding of Angular and its CLI, as commands like ng generate guard auth are provided without extensive explanation.
They imply that the methods described are best practices for route protection in Angular applications.
The author encourages readers to explore further by providing a link to the project's source code on GitHub and references to the Angular documentation.

Angular Role-Based Routing Access with Angular Guard

Hi everyone,

In this blog post, I would like to show you how to implement role-based access control using Angular 9.

Demo’s scenario;

I have created a simple application that includes Admin, User roles. On the main page the guest will see the showcase to see the web site images.

If the user login as admin, the user can access the /admin route. If the user login as a user, the user can access /user route in the application. If he is a guest, he only can access /home page, neither /admin nor /user route.

I will examine how to implement role-based access between routes.

I will use the Angular Guard to protect routes.

Let’s Begin

What’a an Angular Guard?
AuthService
AuthGuard Implementation
Routing Module Implementation

What’s an Angular Guard?

The interfaces that inform whether the requested route is allowed are called guards. While performing these operations, the guards look at the return values of the implemented interfaces’ methods.

There are different types of guard methods I listed below.

What are these methods?

CanActivate

Controls whether a route can be activated. Interface that a class can implement to be a guard deciding if a route can be activated. If all guards return true, navigation will continue. If any guard returns false, navigation will be canceled.

CanActivateChild

Interface that a class can implement to be a guard deciding if a child route can be activated. If all guards return true, navigation will continue. If any guard returns false, navigation will be canceled.

CanDeactivate

Interface that a class can implement to be a guard deciding if a route can be deactivated. If all guards return true, navigation will continue. If any guard returns false, navigation will be canceled.

CanLoad

Interface that a class can implement to be a guard deciding if children can be loaded.

Resolve

Interface that classes can implement to be a data provider. A data provider class can be used with the router to resolve data during navigation.

In this blog post, I will use the CanActivate guard to protect the router's link. You can easily implement role-based protection for your router, you could use like CanActivateChild like the same way.

AuthService

I have created an Auth service that provides information about the user’s login status and roles.

I don’t have any integration about jwt token implementation. This is just a simple simulation for login and getting roles.

login() function takes a string argument and store a user login state and role. The value entered as an argument to the role.

logout() function removes the user's information about login from local storage.

isLoggedIn() function inform us whether the user is logged into the system.

getRole() function gives us the user's role from local storage.

AuthService

AuthGuard Implementation

To create a guard you should use angular-cli command. This can be like below.

Create auth-guard

ng generate guard auth

The method that will run before each request to the router is the CanActivate interface method.

In this method we will check if the user is logged in and has a correct role.

checkUserLogin() method takes 2 parameters. These are ActivatedRouteSnapshot and url .

We control the role stored in the value of the data object given to the router. If it has a correct role the method will return true, otherwise return false and navigate to /home route.

AuthGuard.ts

Routing Module Implementation

We will provide the Routes object with information about the role. This process is simple. All you have to do is add a guard and add your datato the role.

Adding guard like below,

canActivate: [AuthGuard]

You can give the role information that will access that page like below,

data: {
          role: 'ROLE_ADMIN'
     }`

routing-module.ts

With the above scenario, you can protect your routes based on role.

This is a very simple project to implement it. I am adding a video showing how it works.

The source code of the project on github.

I hope you enjoy when reading.

Have a nice coding.

References

angular.io