Reputation: 499
The best and safest place to store and retrieve user access information
From the server I get a list of places that the session user has access to. Now I want to store these roles where I can show or not display the route or buttons for the user. Where is the best place to store this data in Angular?
Upvotes: 0
Views: 103
Answers (1)
Reputation: 6365
Short answer
Inside of a service.
Why?
You mention that you receive a list of places from the server: the client can use for example Chrome's Developer Tools to inspect the network traffic and just read the list of places there.
You should secure the access to your routes and content server side, and don't worry about the client-side "security". The user has access to the full client-side source code. If the client-side environment can decrypt or access something, then eventually so can the client.
There's many kind of storage available on the client side: There's the LocalStorage API for persistent storage, or you can make an Angular service that transiently stores the retrieved role information. But just keep in mind that your user can read everything that you write in your Angular application, so trying to keep buttons or routes hidden won't work on power users going through your code.
Upvotes: 1
Related Questions
- Where to store global data in Angular?
- Angular - Where to store permanent user information except on local storage
- What's the best approach for user auth login?
- What's the best way to work with permissions in Angular 4?
- What is the best place to save logged in user object in Angular 5
- Where to store the user credentials in an Angular application?
- Angular 2/4 - Storing the Current User Object Details in front-end (rather than making continuous HTTP requests to back-end)
- Best way to keep authenticated user profile in Angular2
- where in an angular app is a good place to store "shared" data
- What is the correct way of storing application data in an Angular 2.0 app?