So, I'm trying to protect the access to several routes by using guards. I'm using the following routes to do so :
const adminRoutes : Routes = [
{
path: 'admin',
component: AdminComponent,
canActivate: [ AuthGuardService ],
children : [
{
path: '',
canActivateChild: [ AuthGuardService ],
children: [
{ path: 'edit', component: DashboardComponent},
{ path: '', component: DashboardComponent}
]
}
]
}
];
Here's a look at what AuthGuardService
looks like
import { Injectable } from '@angular/core';
import {CanActivate, Router, ActivatedRouteSnapshot, RouterStateSnapshot} from "@angular/router";
@Injectable()
export class AuthGuardService implements CanActivate{
constructor(private router: Router) { }
canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot){
console.log("Guarding...");
return this.sessionValid();
}
canActivateChild(route: ActivatedRouteSnapshot, state: RouterStateSnapshot){
console.log("Guarding children...");
return this.canActivate(route, state);
}
sessionValid() : boolean {
//tests
}
}
When I try to access to '/admin' and '/admin/edit' with canActivate
only (canActivateChild
is commented) the console displays
Guarding...
When I remove canActivate
and bring canActivateChild
back the console displays
Guarding children...
When I keep both, it goes back to displaying Guarding...
.
So, my question is what's the purpose of having canActivateChild
when canActivate
protects both the root element and the children ?
PS : I get it that canActivateChild
runs before the child route is activated. But what are the benefits of that ? Isn't keeping only one of them sufficient ?
In my view, the
CanActivate
is used to restrict access from a certain path and all the sub-paths andCanActivateChild
is used to restrict access to a specific group inside theCanActivate
path.Example:
Because you need two types of validations, you cannot have two
canActivate
methods, so you need thecanActivateChild
for checking the permision inside thecanActivate
path. Obviously, you can create a different guard service (AuthGuardForChildrenRoutes
) and still usecanActivate
method, but that's not the point.Both are important because you may have differing requirements where a user can get to the root component, but may not meet conditions for child components.
Example: You could have a situation where a user must be authenticated to navigate to the root component, but must have permission 'x' to get to child components. In cases like this,
canActivateChild
saves a lot of typing from having to addcanActivate
guards to each of the children.EDIT:
For example, you may have an Admin Module where all routes need to be guarded against unauthorized entry:
This would need to be protected from the top down. No unauthorized access to any of the routes, including the root and children. In this situation
canActivate
at the root level works great to protect everything.But you may also have times where you have a Feature module where only certain children need to be guarded:
In this situation, maybe all users need to get to the root components 'featureA' and 'featureB', but only certain users need to be able to navigate to the child routes of 'featureA'. In this case it is easier to use one guard at the root level to protect the children, but not the root itself. The alternative is to put
canActivate
guards on each child route, which could get tedious.It really all depends upon your requirements, but it can be nice to have both options of
canActivate
andcanActivateChild
.In your example you have called canActivate inside canActivateChild, hence both the guards are getting called when you are traversing among child routes. If you were to have different authentication logic inside both the guards, your canActivate guard won't execute while traversing among child routes.