So I am trying to build an Angular SPA and want to restrict access for the editing dialogs. All my editing dialogs are displayed in a large modal window. So if users don't have editing rights, they shouldn't be able to open the modal at all, or only some of its content. Currently, the URL never changes when I open a modal. But I am not sure how to protect the editing functionality if I cannot specify a specific path... Should I now try to programmatically change the URL when opening a modal, or are there better ways to protect modals? If I need to move away from modals to achieve a user restriction, this would also be good to know.
Otherwise I would just hide the buttons for users without the required rights. Is that enough?
Thanks in advance!
Yes, hiding the buttons is best, or a simple if condition that checks the authorization before calling the method will be enough.
There is no benefit with using guards for this scenario, unless you want the popups to be open when you refresh the page, then opening the popup during URL update makes sense.
As I see it, you can just manually do it without worrying about the URL. Guards are meant for pages/sections of UI that are tied with routing, not for popups that are not tied with routing.
In the end it's your decision, but keep in mind these points when you make the change.