Implementing Role-Based Access Control in MEAN Stack

Implementing Role-Based Access Control (RBAC) in a MEAN Stack (MongoDB, Express.js, Angular, Node.js) application involves assigning specific roles to users and controlling access to resources based on those roles. Here's a step-by-step guide to implementing RBAC in a typical MEAN application:


Role-Based Access Control in MEAN Stack

1. Define User Roles

First, decide the roles needed for your application. For example:

- admin
- editor
- viewer


2. Backend (Node.js + Express.js + MongoDB)

๐Ÿ“ A. User Schema (models/User.js)

js

Copy

Edit

const mongoose = require('mongoose');


const UserSchema = new mongoose.Schema({

  username: String,

  password: String,

  role: {

    type: String,

    enum: ['admin', 'editor', 'viewer'],

    default: 'viewer'

  }

});


module.exports = mongoose.model('User', UserSchema);

๐Ÿ“ B. Middleware to Check Roles (middleware/auth.js)

js

Copy

Edit

// Check if user is authenticated and has a required role

function authorizeRoles(...allowedRoles) {

  return (req, res, next) => {

    if (!req.user) {

      return res.status(401).json({ message: 'Unauthorized' });

    }


    if (!allowedRoles.includes(req.user.role)) {

      return res.status(403).json({ message: 'Forbidden: Access denied' });

    }


    next();

  };

}


module.exports = {

  authorizeRoles

};

๐Ÿ“ C. Authentication Middleware (middleware/jwtAuth.js)

Assumes you use JWT for authentication.


js

Copy

Edit

const jwt = require('jsonwebtoken');

const User = require('../models/User');


async function authenticateJWT(req, res, next) {

  const token = req.headers.authorization?.split(' ')[1];


  if (!token) return res.status(401).json({ message: 'No token provided' });


  try {

    const decoded = jwt.verify(token, process.env.JWT_SECRET);

    req.user = await User.findById(decoded.userId).select('-password');

    next();

  } catch (err) {

    res.status(403).json({ message: 'Invalid token' });

  }

}


module.exports = { authenticateJWT };

๐Ÿ“ D. Secured Routes Example (routes/admin.js)

js

Copy

Edit

const express = require('express');

const router = express.Router();

const { authenticateJWT } = require('../middleware/jwtAuth');

const { authorizeRoles } = require('../middleware/auth');


router.get('/dashboard', authenticateJWT, authorizeRoles('admin'), (req, res) => {

  res.json({ message: 'Welcome to the admin dashboard' });

});


module.exports = router;

3. Frontend (Angular)

๐Ÿ“ A. User Role Handling (e.g., AuthService)

ts

Copy

Edit

getUserRole(): string {

  const user = JSON.parse(localStorage.getItem('user')!);

  return user?.role;

}


isAdmin(): boolean {

  return this.getUserRole() === 'admin';

}

๐Ÿ“ B. Role-Based Guard (auth.guard.ts)

ts

Copy

Edit

import { Injectable } from '@angular/core';

import { CanActivate, Router } from '@angular/router';

import { AuthService } from './auth.service';


@Injectable({ providedIn: 'root' })

export class AdminGuard implements CanActivate {

  constructor(private authService: AuthService, private router: Router) {}


  canActivate(): boolean {

    if (this.authService.isAdmin()) {

      return true;

    }

    this.router.navigate(['/unauthorized']);

    return false;

  }

}

๐Ÿ“ C. Angular Routes with Role Guard

ts

Copy

Edit

const routes: Routes = [

  { path: 'admin', component: AdminComponent, canActivate: [AdminGuard] },

  { path: 'unauthorized', component: UnauthorizedComponent }

];

4. Security Tips

- Always validate roles on the server; never rely on client-side role enforcement (guards and hidden menu items are for user experience only).
- Use HTTPS so tokens are not exposed in transit.
- Store only non-sensitive user info in localStorage/sessionStorage.
- Keep user roles in the JWT, or use session-based auth if preferred.
