Nathan Woods

To combine The origional author's work, @elwinarens work, and the idea that a parameterized path really messes with things, try this bit of code...

// ...
run(function ($rootScope, $route, SessionService) {
    var rts = $route.routes;
    $rootScope.$on('$locationChangeStart', function (event, next) {
        next = /* TODO: cleanup next */;
        var my_access = SessionService.getUserAuthenticated();
        for (var k in rts) {
            if (
                rts[k].hasOwnProperty('regexp') && 
                rts[k].regexp.test(next) &&
                /* TODO: check your access here */
            ) {
                alert('you need authentication to view this page');
                event.preventDefault();
                break;
            }
        }
    });
}).
// ...

I left the access portion checking as a comment, as I have a slightly more complicated scheme than authenticated or not-authenticated.

This allows you to get rid of the global routes object, as it uses the internal routes, and the parameterized routes are matched via the internal regexp that angular creates for us.

Still needs some work, but hopefully it will get people thinking...