1

我在 angularjs 的模糊管理模板中使用 RBAC。我有以下场景 - 假设,我有名为“实用程序”的主侧菜单,其中包括 3 个子菜单。也就是说,当用户点击Utilities时,他会看到 3 个子菜单 - 1) EDI Mapper 2) Inventory Mapper 3) Invoice Mapper

菜单结构

我的utility.module.js是 -

(function() {
  'use strict';

  angular.module('BlurAdmin.pages.utilities', [
      'ui.select',
      'ngSanitize',
      'BlurAdmin.pages.utilities.ediMapper',
      'BlurAdmin.pages.utilities.inventoryMapper',
      'BlurAdmin.pages.utilities.invoiceMapper',
    ])
    .config(routeConfig);

  /** @ngInject */
  function routeConfig($stateProvider) {
    $stateProvider
      .state('main.utilities', {
        url: '/utilities',
        template: '<ui-view  autoscroll="true" autoscroll-body-top></ui-view>',
        abstract: true,
        title: 'Utilities',
        sidebarMeta: {
          icon: 'ion-hammer',
          order: 100,
        },
        authenticate: true,
        params: {
          authRoles: ['admin', 'inventory-user']
        }
      });
  }

})();

其中,authRolesadmin 和 inventory-user。也就是说,实用程序菜单仅对admin 和 inventory-user可见,但对任何其他用户不可见。我想为子菜单实现相同的功能,我为子菜单实现了相同的逻辑 -库存映射器如下 -

inventoryMapper.module.js -

(function() {
  'use strict';

  angular.module('BlurAdmin.pages.utilities.inventoryMapper', ['angularFileUpload'])
    .config(routeConfig);

  /** @ngInject */
  function routeConfig($stateProvider) {
    $stateProvider
      .state('main.utilities.inventoryMapper', {
        url: '/inventoryMapper',
        templateUrl: 'app/pages/utilities/inventoryMapper/inventoryMapper.html',
        controller: 'inventoryMapperCtrl as vm',
        title: 'Inventory Mapper',
        sidebarMeta: {
          icon: 'ion-ios-pulse',
          order: 100,
        },
        authenticate: true,
        params: {
          authRoles: ['admin', 'inventory-user']
        }
      });
  }
})();

invoiceMapper.module.js -

(function() {
  'use strict';

  angular.module('BlurAdmin.pages.utilities.invoiceMapper', ['angularFileUpload'])
    .config(routeConfig);

  /** @ngInject */
  function routeConfig($stateProvider) {
    $stateProvider
      .state('main.utilities.invoiceMapper', {
        url: '/invoiceMapper',
        templateUrl: 'app/pages/utilities/invoiceMapper/invoiceMapper.html',
        controller: 'invoiceMapperCtrl as vm',
        title: 'Invoice Mapper',
        sidebarMeta: {
          icon: 'ion-ios-pulse',
          order: 100,
        },
        authenticate: true,
        params: {
          authRoles: ['admin', 'inventory-user']
        }
      });
  }
})();

与 EDIMapper.module.js 类似,带有authRoles: ['admin', 'edi-user'].

现在,在这里,问题是当我使用inventory-user登录时,他应该只能看到Utilities -> Inventory Mapper而不是实用程序下的其他两个子菜单 EDI Mapper & Invoice Mapper,但他看到了所有这些

目前,所有用户都可以看到所有子菜单,Utilities并希望将它们限制在他们的子菜单中。其他子菜单不应该对他们访问/可见。

简而言之,库存用户登录的预期输出是 - 库存用户子菜单

发票用户登录的预期输出是 -

发票用户子菜单

4

1 回答 1

1

问题并不完全在于模块,只是在 utility.module.js 中添加了所有角色如 - authRoles: ['admin', 'inventory-user', 'invoice-user', 'edi-user']。并提到这一点getAuthorizedMenuItems(),在baSidebar.service.js中更新如下 -

this.getAuthorizedMenuItems = function(user) {
    var states = defineMenuItemStates();
    var menuItems = states.filter(function(item) {
        return item.level == 0 && _.includes(item.authRoles, user.role);
    });

    menuItems.forEach(function(item) {
        var children = states.filter(function(child) {
            // added this - _.includes(child.authRoles, user.role);, here level == 1 means submenus
            return child.level == 1 && child.name.indexOf(item.name) === 0 && _.includes(child.authRoles, user.role);
        });
        item.subMenu = children.length ? children : null;
    });

    return menuItems.concat(staticMenuItems);
};
于 2017-10-03T07:39:08.363 回答