Role-Based Access Control (RBAC)

MediDash implements a comprehensive role-based access control (RBAC) system to ensure that users can only access the features and data that are appropriate for their role. The system is built on four core components that work together to provide secure and scalable authentication and authorization.

File Location: All role configuration files are located in the src/app/core directory, organized into logical subdirectories for easy maintenance.

1. Role Definition (role.ts)

The Role enum is the foundation of the RBAC system. It defines all available user roles in the application, with each role assigned a unique string identifier.

File Location
src/app/core/models/role.ts
Key Benefits
  • Centralized role management for consistency.
  • Type-safe role references to prevent errors.
  • Easy to extend with new roles as your application grows.
  • Consistent naming conventions for all roles.
Implementation

export enum Role {
  Admin = 'ADMIN',
  Doctor = 'DOCTOR',
  Patient = 'PATIENT',
  Nurse = 'NURSE' // Example of an additional role
}


2. User Model (user.ts)

The User class defines the data structure for user information throughout the application, including authentication details and role assignments.

File Location
src/app/core/models/user.ts
Key Properties
  • id - A unique identifier for each user.
  • username - The user's login credential.
  • role - The user's assigned role, based on the Role enum.
  • token - The JWT authentication token for the user.
Implementation

import { Role } from './role';

export class User {
  id!: number;
  username!: string;
  password!: string;
  firstName!: string;
  lastName!: string;
  token!: string;
  role!: Role;
  img!: string;
}


3. Authentication Service (auth.service.ts)

The AuthService is the heart of the authentication system. It handles user login, session management, and role-based permissions using the NGX Permissions library.

File Location
src/app/core/service/auth.service.ts
Core Responsibilities
  • Authenticates users and loads their permissions.
  • Clears user sessions and permissions on logout.
  • Provides access to the current user's data.
  • Persists user sessions to local storage.
Key Features
  • JWT token management for secure authentication.
  • Dynamic role-based permission loading.
  • Reactive user state management with RxJS.
  • Built-in error handling and validation.

4. Authentication Guard (auth.guard.ts)

The AuthGuard protects routes based on user authentication status and role permissions, ensuring secure navigation.

File Location
src/app/core/guard/auth.guard.ts
Protection Mechanisms
  • Route access validation
  • Role-based restrictions
  • Unauthorized access prevention
  • Automatic redirection
  • Session state checking
Implementation Example

In your route configuration, protect routes like this:

{
  path: 'admin',
  canActivate: [AuthGuard],
  data: {
    role: Role.Admin,
  },
  loadChildren: () =>
    import('./admin/admin.routes').then((m) => m.ADMIN_ROUTE),
},

Multiple roles example:

data: { role: [Role.Admin, Role.Doctor] }

Extending Role Functionality

To add new roles or modify existing role behavior, follow these best practices:

Adding New Roles
  1. Add the new role to the Role enum in role.ts
  2. Update route protections as needed
  3. Create corresponding UI components and navigation
  4. Configure permissions in NGX Permissions if required
  5. Update user data to include the new role
Best Practices
  • Use descriptive role names
  • Maintain role hierarchy consistency
  • Document role permissions clearly
  • Test role access thoroughly
  • Implement role-based UI elements