Like authentication, the canActivate guard check can also be used for authorization. Implement a class with the CanActivate interface and inject the SessionContext service into the constructor; then, check whether the user belongs to a specific role in the canActivate function using the SessionContext service. Check out the following code snippet:
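import { Injectable } from '@angular/core';
import { CanActivate } from '@angular/router';
// SessionContext is the application's own session service; import it from wherever it is defined.

@Injectable()
export class AuthGuard implements CanActivate {
  constructor(private session: SessionContext) { }

  // Allow the route only for an authenticated user in one of the listed roles.
  canActivate() {
    return this.session.isAuthenticated &&
      this.session.isUserInRole(['Contributor', 'Admin']);
  }
}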
Only users with roles of Contributor and Admin now have access to routes that have this guard condition.
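The guard above hard-codes its role list. The following added example (not code from the original text) takes the allowed roles per route and denies access when a route declares none. The shape of SessionContext is assumed from the snippet above, and RouteSnapshot is a hypothetical stand-in for the `data` field of Angular's ActivatedRouteSnapshot so the block runs without Angular.

```typescript
// Hypothetical stand-in for the `data` part of Angular's ActivatedRouteSnapshot.
interface RouteSnapshot { data: { roles?: string[] } }

// Assumed shape of the session service used by the guard above.
class SessionContext {
  isAuthenticated: boolean;
  private roles: string[];

  constructor(isAuthenticated: boolean, roles: string[]) {
    this.isAuthenticated = isAuthenticated;
    this.roles = roles;
  }

  // True when the user holds at least one of the requested roles.
  isUserInRole(allowed: string[]): boolean {
    return allowed.some(role => this.roles.indexOf(role) !== -1);
  }
}

class RoleGuard {
  private session: SessionContext;

  constructor(session: SessionContext) {
    this.session = session;
  }

  canActivate(route: RouteSnapshot): boolean {
    const allowed = route.data.roles;
    // Deny by default: a route that forgot to declare roles stays closed.
    if (!Array.isArray(allowed) || allowed.length === 0) return false;
    if (!this.session.isAuthenticated) return false;
    return this.session.isUserInRole(allowed);
  }
}

// Constructed sample routes.
const editRoute: RouteSnapshot = { data: { roles: ['Contributor', 'Admin'] } };
const unconfiguredRoute: RouteSnapshot = { data: {} };

// Helper: run the guard for one session against one route.
function check(session: SessionContext, route: RouteSnapshot): boolean {
  return new RoleGuard(session).canActivate(route);
}
```

A route guard runs in the browser and only controls navigation, so the server-side API behind each guarded route must enforce the same role check.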
But what happens when a page has view elements that are rendered based on the user's role?