
This is my first time developing an Angular app, and I'm wondering what the right way is to have route/controller-level security. I basically want to restrict users to some parts of the app and have these requirements:

  1. Forbid access to certain routes if the user is not logged in: redirect to login if the user is not logged in; if the user is logged in, allow access to that page.
  2. Forbid access to certain routes based on user fields. For example, if the user has a verified: false object field (or some other way to hold the user data), then redirect the user to the verification page. If the user has verified: true, allow access to the page.

How I thought to do this would be to make a service with a method verified() that returns the right value for the user. I would use the service in the controller, and use this method to manually redirect based on the above requirements. My concern is security of course, but also not reinventing the wheel.

  • Almost all approaches can be easily 'hacked' from the console or Grease/Tampermonkey; one won't even need to tamper with JS assets. I don't think it is appropriate to talk about 'security' in the context of a client app, especially the parts of it that are not backed up by the server side. Commented Jul 30, 2015 at 16:55

1 Answer


For example in the run block:

$rootScope.$on('$stateChangeStart',
    function (event, toState, toParams, fromState, fromParams) {
        // One flag per access level declared on the target state
        var access_denied = [
            (toState.access === 'public'),
            (toState.access === 'protected'),
            (toState.access === 'private')];

        // example restriction
        if (access_denied[1] || access_denied[2]) {
            // Cancel the transition and send the user to the login state
            event.preventDefault();
            $state.go('login');
        }
    });

Example router state:

$stateProvider.state('login', {
    url: '/user/login',
    controller: 'UserController',
    // Custom property read by the $stateChangeStart handler
    access: 'public'
});
  • Thanks for your response. What if I have more than one access? Here is what I mean: let's say protected is not accessible to users who are not registered, and private is not accessible to users who are not verified. How would you put both restrictions on a route? Commented Jul 31, 2015 at 14:33
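
One way to put both restrictions on a route, as an added example that is not part of the original answer or comments: each `access` level maps to an ordered list of checks, and a missing or misspelled level is treated as `private` so the guard fails closed. The names `REQUIREMENTS`, `CHECKS`, `resolveRedirect`, `installGuards`, the `session` service and the `verification` state are assumptions; as the first comment points out, this only steers navigation, so the server still has to enforce the same rules on every request.

```javascript
'use strict';

// Checks each access level needs, in the order they are evaluated.
const REQUIREMENTS = new Map([
  ['public', []],
  ['protected', ['loggedIn']],
  ['private', ['loggedIn', 'verified']],
]);

// Each check: a predicate on the user and the state to go to when it fails.
// 'verification' is an assumed state name; 'login' comes from the answer.
const CHECKS = {
  loggedIn: { ok: (user) => Boolean(user), redirect: 'login' },
  verified: { ok: (user) => Boolean(user) && user.verified === true,
              redirect: 'verification' },
};

// Returns the state name to redirect to, or null to allow the transition.
function resolveRedirect(toState, user) {
  // Fail closed: an unknown or missing access value gets the strictest rules.
  const required = REQUIREMENTS.get(toState.access) || REQUIREMENTS.get('private');
  for (const name of required) {
    if (!CHECKS[name].ok(user)) {
      return CHECKS[name].redirect;
    }
  }
  return null;
}

// Wiring for the run block, using the same ui-router event as the answer.
// `session.currentUser()` is a hypothetical service returning the user or null.
function installGuards($rootScope, $state, session) {
  $rootScope.$on('$stateChangeStart', function (event, toState) {
    const target = resolveRedirect(toState, session.currentUser());
    // Skip the redirect when already heading to the target (avoids a loop).
    if (target !== null && target !== toState.name) {
      event.preventDefault();
      $state.go(target);
    }
  });
}
```

With this mapping the `login` state stays `public` and the `verification` state would be declared `protected`, so an unverified user can reach it without being redirected again.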
