Why us?

Process
Startup mindset and global level growth
Talent
How we attract and engage with the very best
Culture
The values that guide and inspire us
Services

Design
Create tailor-made apps to meet you goals
Develop
Build exceptional mobile and web apps
Scale your team
Speed up your in-house development.
Cloud
Deploy great apps ready to scale
End-to-end
Build products that matter
Work

All

Agtech

Healthcare

B2B SaaS

B2C

Retail

Government

Fintech

Energy
Insights

Playbook
Our daily work guiding principles
Blog
Our contribution to the community
Podcast
Listen to our Octobot Tech Talks
Education
Resources to improve your work
Meetups
Montevideo Web Developers meetup
Careers

Life at Octobot
What it’s like to be part
of our crew
Team
Get to know our skilled software dev team
Open positions
Join our team!
Contact us

Octobot

25 Nov 2016

AngularJS ui.router per view authorization

Most AngularJS applications need a routing mechanism to allow for navigation among it’s potentially multiple states. One of the most popular tools to do this is ui.router, which is awesome!

Using it, we face a situation in which some routes can be accessed by anyone, while others require authorization. For this cases we use the following elegant and easy mechanism, which consist of 3 simple steps.

Add a boolean attribute authenticate to each ui.ruoter state and choose a proper value for it.

				
					// ------------------------------------------------------------
// Public page - Authentication is NOT required.
// ------------------------------------------------------------
.state('public-page', {
    url: '/',
    authenticate: false,
    other attributes...
})

// ------------------------------------------------------------
// Private page - Authentication IS required.
// ------------------------------------------------------------
.state('private-page', {
    url: '/private-page',
    authenticate: true,
    other attributes...
})

Handle the user authentication status in some place that could be easily reached, like a service. It would be a good idea to have an Authentication service in charge of having the information about the authentication status, and a method to access this information (let’s say, AuthenticationService.isAuth())
Check for every state transition if the page that the user is trying to access is public or requires authentication, and based on that, complete the transition or abort it. A good place to perform this check is in the application’s run method.

				
					.run(['$rootScope', '$state', 'authService', function($rootScope, $state, AuthenticationService) {

    $rootScope.$on('$stateChangeStart', function(event, toState, toParams) {

        if (toState.authenticate && !AuthenticationService.isAuthenticated()) {
            // Remember toState and toStateParams.
            $rootScope.toState = toState.name;
            $rootScope.toStateParams = toParams;
            // Abort transition
            event.preventDefault();
            // Redirect to login page
            $state.go('login');
        }
    });
}])

Then, another interesting thing that you can do is to remember the toState value, to redirect to when the login succeeds.

				
					if ($rootScope.toState && $rootScope.toState !== 'login') {
    $state.go($rootScope.toState, $rootScope.toStateParams).then(function() {
        // Reset toState and toStateParams.
        $rootScope.toState = undefined;
        $rootScope.toStateParams = undefined;
    });
} else {
    $state.go('home');
}

That’s it. Simple and elegant, isn’t it?