Say that's there are two users, UserA and UserB. I want to show userA only links like account, premium and manage. for UserB I would like to show only such as payments, credits and account. Is there any functionality is angular to only allow specific user access links
You need to generate Menu according to the permissions from Server End.
Create roles at server end, Assign users those roles, Assign Menu items accessible to those roles.
Now whenever, user logs in check his role and load menu items tagged to that role.
As extra layer of security, validate every client request against his roles as user may try to access other links not assigned to his role.
Matt Strom
Software Engineer, TypeScript ninja
Angular employs what it calls route guards for dealing with this sort of thing. (You will need to use the Angular Router to use guards.)
There are three types of guards: (1)
CanActivate, (2)CanActivateChild, and (3)CanDeactivate.CanActivateis the primary guard used for authorization logic. Angular will call your guard before it tries to activate a route. If the guard returnstrue(or one of the async optionsPromise<boolean>orObservable<boolean>), the route can activate. Otherwise the route cannot not activate, and Angular will not navigate.Example:
auth.guard.ts
export class AuthGuard implements CanActivate { canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot) { return new Promise((resolve) => { let isAuthorized = false; // Call out to your authentication/authorization service. resolve(isAuthorized); }); } }app-routing.module.ts
const routes = [ { // Any user can access this route path: 'public' } { // Only authorized users can access this route path: 'secured', canActivate: [AuthGuard] } ]; @NgModule({ imports: [ RouterModule.forRoot(routes) ], providers: [ AuthGuard ] }) export class AppRoutingModule {}Do remember that you must always secure your application on the backend. Never implicitly trust any request from the frontend. Even though Angular is preventing routes from being activated, a shrewd hacker could get past that security mechanism. I recommend checking out JSON Web Tokens and a third provider auth provider. They are great way to integrate high-grade security into your stack. Auth0 offers a free tier of their identity-as-a-service platform.