I'm new to Angular and Node.js, so the question might be pretty basic. I'm using the seed at https://github.com/btford/angular-express-blog for my angular-express project and if you look at the controllers file: https://github.com/btford/angular-express-blog/blob/master/public/js/controllers.js, pretty much all views are loaded using $location.url or $location.path, which I understand, is an equivalent of a window.location js call (no data passed as a part of the call).
Let's say I have got a JSON object returned from an API, and I'd like to pass that information to the next page (controller), is service the best way to go? It sounds very unnatural to me because it's just transient data that I'd like to pass in an object, as opposed to a service. Can someone help me with the best practices here?
Also, if all of this rendering is taken care at the client side, how can I secure my application? For example, if I have an admin view that's to be shown only to users with special privileges, how can I prevent someone from rendering that view, if all the logic is on the client side? I know the actions can be prevented on the server side, but how about completely preventing such things?
You may also want to look route resolves, it allows you to inject the result of a promise to the controller, and ensure that the promise resolves before loading the page/controller