Check If Articles Policy Allows

[AliceRossa]

Hello,

I am a beginner with AngularJS, I will wish that only admins can add, edit and delete articles.

I work on the branch 0.4.0 and I edited the articles.server.policy.js file like this:

roles: ['user'],
  allows: [{
    resources: '/api/articles',
    permissions: ['get', <del>'post'</del>]
} ...

User group can't post articles from api BUT can still see 'create article' view, how can I hide and redirect the user?

Something like this? But where do I put this code?

if ($scope.authentication.user.roles.indexOf('admin') > -1) $location.path('/');

Thank you very much for your help, greetings from France!

[ilanbiala]

Please highlight your code blocks properly to make it easier for others to help.

[AliceRossa]

Sorry I am new here , I just change my code blocks.
Do you have any idea to help me?

[ilanbiala]

You need to add that to somewhere in the article module on the client side to prevent the user from accessing any of those pages. Maybe do a resolve in the states or something like that.

[anderskristo]

I would do like this:
In your controller, redirect to home if user isn't Admin.

if (!$scope.authentication.user.roles.indexOf('admin') $location.path('/');

In your view:

 data-ng-show="authentication.user"

or something like that?

[codydaig]

@AliceRossa - We're you able to figure this out?

[mleanos]

@AliceRossa perhaps this PR is something along the lines of what you need? #807

[codydaig]

@AliceRossa I'm closing this issue for now. If it's still an issue, feel free to reopen.