根据检索到的对象值限制页面访问
Restricting page access based on retrieved object values
假设我有以下用户属性,我想限制对页面的访问。这在我的Firebase noSQL数据库中,但我认为这可能与从任何地方获取数据有关。
{
"users": {
"simplelogin:1": {
"properties": { "admin_user": true }
}
}
}
所以在我的 JavaScript 中,我有以下内容:
var user_properties = new Firebase("https://<MY-URL>.com/users/"+auth.uid+"/properties");
user_properties.once("value", function(properties) {
if(properties.val().admin_user == false)
window.location.replace("/");
});
因此,在"管理页面"的页面加载中,我加载了此 javascript。如果他们不是管理员,该页面应该重定向。
但是,我遇到了管理页面在收集数据然后重定向时加载一秒钟的问题。
有没有人对如何在页面加载之前使页面重定向有任何建议?
Firebase 中的安全规则可以防止在未经许可的情况下查看网页中的数据。然后,您只需要一个客户端解决方案来重定向页面。这里的简单答案是在路线中使用resolve
。
您可以在 angularFire-seed 项目中找到此方法的完整实现。以下是相关代码:
"use strict";
angular.module('myApp.routes', ['ngRoute', 'simpleLogin'])
.constant('ROUTES', {
'/home': {
templateUrl: 'partials/home.html',
controller: 'HomeCtrl',
resolve: {
// forces the page to wait for this promise to resolve before controller is loaded
// the controller can then inject `user` as a dependency. This could also be done
// in the controller, but this makes things cleaner (controller doesn't need to worry
// about auth status or timing of displaying its UI components)
user: ['simpleLogin', function(simpleLogin) {
return simpleLogin.getUser();
}]
}
},
'/chat': {
templateUrl: 'partials/chat.html',
controller: 'ChatCtrl'
},
'/login': {
templateUrl: 'partials/login.html',
controller: 'LoginCtrl'
},
'/account': {
templateUrl: 'partials/account.html',
controller: 'AccountCtrl',
// require user to be logged in to view this route
// the whenAuthenticated method below will resolve the current user
// before this controller loads and redirect if necessary
authRequired: true
}
})
/**
* Adds a special `whenAuthenticated` method onto $routeProvider. This special method,
* when called, invokes the requireUser() service (see simpleLogin.js).
*
* The promise either resolves to the authenticated user object and makes it available to
* dependency injection (see AuthCtrl), or rejects the promise if user is not logged in,
* forcing a redirect to the /login page
*/
.config(['$routeProvider', function($routeProvider) {
// credits for this idea: https://groups.google.com/forum/#!msg/angular/dPr9BpIZID0/MgWVluo_Tg8J
// unfortunately, a decorator cannot be use here because they are not applied until after
// the .config calls resolve, so they can't be used during route configuration, so we have
// to hack it directly onto the $routeProvider object
$routeProvider.whenAuthenticated = function(path, route) {
route.resolve = route.resolve || {};
route.resolve.user = ['requireUser', function(requireUser) {
return requireUser();
}];
$routeProvider.when(path, route);
}
}])
// configure views; the authRequired parameter is used for specifying pages
// which should only be available while logged in
.config(['$routeProvider', 'ROUTES', function($routeProvider, ROUTES) {
angular.forEach(ROUTES, function(route, path) {
if( route.authRequired ) {
// adds a {resolve: user: {...}} promise which is rejected if
// the user is not authenticated or fulfills with the user object
// on success (the user object is then available to dependency injection)
$routeProvider.whenAuthenticated(path, route);
}
else {
// all other routes are added normally
$routeProvider.when(path, route);
}
});
// routes which are not in our map are redirected to /home
$routeProvider.otherwise({redirectTo: '/home'});
}])
/**
* Apply some route security. Any route's resolve method can reject the promise with
* { authRequired: true } to force a redirect. This method enforces that and also watches
* for changes in auth status which might require us to navigate away from a path
* that we can no longer view.
*/
.run(['$rootScope', '$location', 'simpleLogin', 'ROUTES', 'loginRedirectPath',
function($rootScope, $location, simpleLogin, ROUTES, loginRedirectPath) {
// watch for login status changes and redirect if appropriate
simpleLogin.watch(check, $rootScope);
// some of our routes may reject resolve promises with the special {authRequired: true} error
// this redirects to the login page whenever that is encountered
$rootScope.$on("$routeChangeError", function(e, next, prev, err) {
if( angular.isObject(err) && err.authRequired ) {
$location.path(loginRedirectPath);
}
});
function check(user) {
if( !user && authRequired($location.path()) ) {
$location.path(loginRedirectPath);
}
}
function authRequired(path) {
return ROUTES.hasOwnProperty(path) && ROUTES[path].authRequired;
}
}
]);
相关文章:
- 如何访问对象内部的“categoryIds”字段/键,该对象包含mongodb's `ObjectId(s)`数
- 使用js或extjs访问对象的java列表
- Javascript-访问对象
- 访问对象的最简单方法'的单独财产
- 分析云代码访问对象
- 如何从字符串变量访问对象属性
- 访问对象中的数组
- 如何访问对象's成员通过另一种方法填充的方法
- 访问对象内的数组
- 是否可以在定义对象时访问对象值
- Javascript 无法访问对象的属性
- $.each 中的“this”,当需要使用“this”访问对象的函数时
- 函数中的 angularJS 访问对象属性不起作用
- 通过存储在变量中的名称访问对象
- 访问对象内部的数组
- 如何从类函数内部访问对象属性
- 访问对象和指定变量
- Javascript - 使用 for 时遇到问题.以循环访问对象
- 为什么可以在内部函数成员中访问对象引用,而不能在内部属性成员中访问
- 当对象的键中有冒号时,如何访问对象属性