javascript - How to deal with user permissions in single page application


I'm working on a single page enterprise application with pretty complex logic for user permissions. A huge part of it works entirely on the client, communicating with the backend server using AJAX, sending JSON back and forth. The tricky part is that I need to implement a permission mechanism on a per-entity basis, and I don't know how to do it the right way.

To explain myself, here is some example code. I have 2 entity classes on the backend, User and Node:

    import java.util.List;

    class User {
        long id;
    }

    class Node {
        long id;
        String name;
        Status status;
        Node parent;        // null for the root node
        List<User> admins;  // users allowed to administer this node
    }

    enum Status {
        status_1, status_2
    }

I send the JSON of a parent node to the server:

    {id: 1, name: "node name 1", status: 'status_1'}

and receive JSON with a bunch of child nodes:

    [
        {id: 11, name: "node name 1.1", status: 'status_1'},
        {id: 12, name: "node name 1.2", status: 'status_1'}
    ]

On the client it is displayed in a tree-like structure, like this:

[image: ui]

Now the tricky part:

  1. A simple user who works with the application can see the tree, but can't change anything.

  2. A user can change a node name if he is among the admins of the node or of its parent nodes.

  3. Admins can change the status of a node, from status_1 to status_2, if child nodes have status_2 status.

  4. There is a list of super administrators who can do whatever they want: change properties of a node, change status as they want.

So somehow, during rendering of the tree on the client, I need to know what a user can or cannot do with each node on the page. I can't assign the user a role within the whole application because user rights vary from 1 node to another. I also can't see the whole picture on the client side because child nodes may not be loaded. How can I manage user permissions in a situation like this? What's the proper way or pattern to use?

Should I attach a role object to each node, or maybe a bunch of flags representing what the user can or cannot do, like that:

    {
        id: 12,
        name: "node name 1.2",
        status: "status_1",
        canchangename: true,
        canchangestatus: false
    }

That looks pretty silly to me.

I solve complex (and not so complex) permission-based tasks in my application using ACL classes.

I have simple, lightweight classes that take a model, on which permissions are being checked, and a user object in the constructor. They have a bunch of methods with names canxxxx(). These methods can optionally take parameters if needed.

If you have the same model classes on the front and back, you might be able to reuse the ACLs in both cases.

Can you use this approach?
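
A sketch of the ACL-class approach from the answer above, applied to the four rules in the question; this is an added example, not code from the original posts. The in-memory tree, the names `parentId`, `admins`, `superAdmins`, `toClientJson`, `renameNode`, and the reading of rule 3 as "every child is status_2" are assumptions. It runs where the whole tree is visible (the server), sends the flags only as rendering hints, and repeats the check on the write path.

```javascript
// Constructed sample tree: node 1 is the root, 11 and 12 are its children.
const nodes = new Map([
  [1,  { id: 1,  name: "node name 1",   status: "status_1", parentId: null, admins: [7] }],
  [11, { id: 11, name: "node name 1.1", status: "status_2", parentId: 1,    admins: [] }],
  [12, { id: 12, name: "node name 1.2", status: "status_1", parentId: 1,    admins: [8] }],
]);
const superAdmins = new Set([99]); // rule 4 (constructed user id)

class NodeAcl {
  constructor(node, user) { this.node = node; this.user = user; }

  isSuperAdmin() { return superAdmins.has(this.user.id); }

  // Rule 2: admin of this node or of an ancestor (walk the parent chain).
  isAdmin() {
    for (let n = this.node; n; n = nodes.get(n.parentId)) {
      if (n.admins.includes(this.user.id)) return true;
    }
    return false;
  }

  canChangeName() { return this.isSuperAdmin() || this.isAdmin(); }

  // Rule 3: status_1 -> status_2 only, and only when every child is already
  // status_2 (assumed reading; a node without children passes).
  canChangeStatus(newStatus) {
    if (this.isSuperAdmin()) return true;
    if (!this.isAdmin()) return false;
    if (this.node.status !== "status_1" || newStatus !== "status_2") return false;
    const children = [...nodes.values()].filter(c => c.parentId === this.node.id);
    return children.every(c => c.status === "status_2");
  }
}

// Flags sent with each node are rendering hints for the client only.
function toClientJson(node, user) {
  const acl = new NodeAcl(node, user);
  return { id: node.id, name: node.name, status: node.status,
           canChangeName: acl.canChangeName(),
           canChangeStatus: acl.canChangeStatus("status_2") };
}

// The write path repeats the check; flags echoed back by the client are never trusted.
function renameNode(nodeId, user, newName) {
  const node = nodes.get(nodeId);
  if (!node || !new NodeAcl(node, user).canChangeName()) throw new Error("forbidden");
  node.name = newName;
  return node;
}
```

Because the flags are computed from the full tree on the server, the client can render edit controls for nodes whose children are not loaded, while a tampered flag still fails at `renameNode`.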

