Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
cr-acl
[](https://travis-ci.org/ngutils/cr-acl)
- 0.5.0
- npm
crAcl
Overview
crAcl is Access Control List module for AngularJs. It works with UI-Router letting you to restrict the access of specific routes to a set of roles.
Install
You can use bower
bower install cr-acl
add to your html:
<script src="bower_components/angular-ui-router/release/angular-ui-router.js"></script>
<script src="bower_components/cr-acl/cr-acl.js"></script>
then inject it in your app:
angular.module(
'ngtest',
[
'ui.router',
'cr.acl'
]
)
Role configuration
There are two fathers of all roles: ROLE_USER for authenticated users and ROLE_GUEST for anonymous users.
You can set a role hierarchy configuration.
.run(['crAcl', function run(crAcl) {
crAcl.setInheritanceRoles({
"ROLE_CUSTOMER" : ["ROLE_USER"],
"ROLE_CLIENT" : ["ROLE_CUSTOMER", "ROLE_USER"]
});
}])
In this exaple the role ROLE_ADMIN if over ROLE_CUSTOMER (that's father of ROLE_USER) and ROLE_USER.
Assign role to users
Whenever you want (for example after a successful login action) you can set the role of a user with crAcl service (inject it into your controllers, services, directive...):
$scope.login = function(){
crAcl.setRole("ROLE_USER");
};
Default role is ROLE_GUEST
If your user is not allowed for this route triggers a redirect to unauthorized state.
You can override it in the run:
.run(['crAcl', function run(crAcl) {
crAcl.setRedirct("your-login-state-name");
}])
Restrict route access
Now you can set a list of granted role for single state:
.config(function config($stateProvider ) {
$stateProvider.state('home', {
url: '/home',
views: {
"main": {
controller: 'HomeCtrl',
templateUrl: 'home/home.tpl.html'
}
},
data:{
is_granted: ["ROLE_USER"]
}
});
$stateProvider.state( 'dashboard', {
url: '/dashboard',
views: {
"main": {
controller: 'DashboardCtrl',
templateUrl: 'home/dashboard.tpl.html'
}
},
data:{
is_granted: ["ROLE_ADMIN"]
}
});
})
In this example, the home route is accessible by both ROLE_CUSTOMER and ROLE_ADMIN (because that roles extend ROLE_USER) and the dashboard route is accessible only by ROLE_ADMIN.
Directive
You can prevent compilation of specific DOM components with the cr-granted directive:
<div cr-granted="ROLE_ADMIN">Hello Admin!</div>
This directive supports multiple roles:
<div cr-granted="ROLE_CUSTOMER,ROLE_SUPPORT,ROLE_GUEST">Hello guys!</div>
FAQs
[](https://travis-ci.org/ngutils/cr-acl)
The npm package cr-acl receives a total of 1 weekly downloads. As such, cr-acl popularity was classified as not popular.
We found that cr-acl demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 30 Mar 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025