I have a web application using Rails as backend and AngularJS as frontend and it has a rather complicated permission system that must hide/show buttons in the frontend accordingly.
For example, imagine something like eBay: if I created a product, I can edit, delete, etc., but somebody can share a product with me and I can also edit, but not delete. So the permission is calculated by resource, and not using roles.
I thought of adding a "permissions" attribute to each JSON object, something like:
    [{
        id: 1,
        name: "product 1",
        permissions: {
            canEdit: true,
            canDelete: false
        }
    },
    {
        id: 2,
        name: "product 2",
        permissions: {
            canEdit: true,
            canDelete: true
        }
    }]
Is there any best practice to send each resource's permissions to the frontend?
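One way to produce the payload sketched above, as an added example that is not part of the original post: a plain-Ruby policy object computes the flags per resource, and the server re-checks the same policy on delete, because the flags in the JSON only decide which buttons are shown. The names `Product`, `ProductPolicy`, `serialize_products` and `delete_product`, and the owner/shared-with model, are assumptions made for illustration.

```ruby
require "json"

# Constructed sample model: a product has an owner and a list of users it is shared with.
Product = Struct.new(:id, :name, :owner_id, :shared_with_ids)

# Hypothetical policy object: the single place where per-resource permissions are decided.
class ProductPolicy
  def initialize(user_id, product)
    @user_id = user_id
    @product = product
  end

  def owner?
    @product.owner_id == @user_id
  end

  def can_edit?
    owner? || @product.shared_with_ids.include?(@user_id)
  end

  def can_delete?
    owner?
  end

  # Flags sent to the frontend; they are display hints, not access control.
  def to_h
    { canEdit: can_edit?, canDelete: can_delete? }
  end
end

# Build the JSON payload in the shape proposed in the question.
def serialize_products(user_id, products)
  products.map do |product|
    { id: product.id, name: product.name,
      permissions: ProductPolicy.new(user_id, product).to_h }
  end.to_json
end

# Server-side enforcement: the delete action re-checks the same policy and
# never trusts a flag sent back by the client.
def delete_product(user_id, product, store)
  return :forbidden unless ProductPolicy.new(user_id, product).can_delete?
  store.delete(product.id)
  :deleted
end

# Constructed sample data: user 7 was given product 1 by user 3 and owns product 2.
PRODUCTS = [Product.new(1, "product 1", 3, [7]), Product.new(2, "product 2", 7, [])].freeze
```

In a Rails application the same policy would be called from both the serializer and the controller action, so the buttons and the server's decision cannot drift apart.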