sec:authorize="hasRole('ROLE_ADMIN')" in angular

Question

I am implementing Role based spring security

In this example they have used thymeleaf for frontend purpose, but I am using angular9 with html.

they are using sec:authorize="hasRole('ROLE_ADMIN')" to provide access to the admin,in the same way if I want to provide the same thing in html, for that I have used the following code,

    <li *ngFor="let user of users">
        {{user.username}} ({{user.firstName}} {{user.lastName}})
        - <a sec:authorize="hasRole('ROLE_ADMIN')" (click)="deleteUser(user.userid)" class="text-danger">Delete</a>
    </li>

The person logged in is Role_user, eventhough the delete link is visible to the user. How can I restrict.

Thanks in advance.

`sec:authorize` is a thymeleaf specific implementation. Angular has no idea about this. — Prashant, Feb 28 '20 at 10:44
You will have to do that by yourself probably by having a roles field in the response of an ajax call and then by checking if the the particular role is present for the user. — Prashant, Feb 28 '20 at 11:38

Sahil Ralkar · Answer 1 · 2020-03-06T05:35:10.113

1

use *ngIf directive to show and hide the anchor tag

<li *ngFor="let user of users">
        {{user.username}} ({{user.firstName}} {{user.lastName}})
        - <a *ngIf="hasRole('ROLE_ADMIN')" (click)="deleteUser(user.userid)" class="text-danger">Delete</a>
    </li>

but the hasRole() must return boolean. because *ngIf accepts the boolean

edited Mar 06 '20 at 05:35

answered Feb 28 '20 at 13:07

Sahil Ralkar

2,331
23
25

sec:authorize="hasRole('ROLE_ADMIN')" in angular

1 Answers1