In UI-router FAQ, they suggested some way for preventing access to some states based on data.rule
method of states. Assuming current user is determined by some $currentUser
service.
However this assumption doesn't seem to be true in real world use cases. Because normally this $currentUser
service is implemented in a way that it queries current user from the server and probably the best it can return is a promise
of the current user. Therefore, at the moment that $stateChangeStart
event is triggered, it's quite possible for this promise to not be resolved yet.
So what's the best thing to do, considering the above discussion?
NOTE:
One workaround might be to include a resolve
property in every secured state, with a function that returns the promise of the current user. But I really don't like it because it kinda breaks encapsulation in my mind.