First time developing an angular app and I'm wondering what is the right way to have a route/controller level security. I basically want to restrict user to some app parts and have this requirement:
- Forbid access certain routes if the user is not logged, redirect to login if user is not logged, if user is logged access that page.
- Forbid access certain routes based on users fields, so for example if user has
verified: false
object field or some other way to hold the user data, then redirect user to the verification page. If user hasverified: true
allow access to the page.
How I though to do this would be, to make a service which will have method verified()
and return the right value for the user, I would use the service in the controller, and this method to manually redirect based on the above requirements. My concern is a security of course, but also not to reinvent the wheel.