I have an admin panel that was done in Yii, and that web app is hosted on my resource server. I have a separate identity server hosting all user information and the Yii models and controllers for Users. Now I am switching the whole admin panel to Angular, but I want to keep functionality such as model creation/update and call it via APIs. I already made some APIs for the front end for displaying data. The problem is that I want to implement RBAC for my users, so that only some users can access certain pages. I have 3 questions:
1. What would be a good way to solve the RBAC problem, given that I have separate servers (resource and identity)? All Users are on the identity server, and all apps and controllers which need access control are on my resource server.
2. Currently I have a static login to my old Yii admin panel. When I am not logged in, I cannot display the pages for creating some models. Because I am switching the admin panel to the frontend, what is the best way to implement API Login, so that I can access the create/update pages for my models after I log in via API Login?
3. After successful implementation of point 2, is it possible to keep the CRUD functions for my model and access them via APIs from Angular?
Any ideas are welcome.