duanpaxin3531 2015-10-23 04:36
浏览 58
已采纳

单页应用程序的访问控制列表

I am trying to manage access permissions (Laravel and Backbone.js based SPA) on both roles & subscription types.

Although it is simple to control access to API endpoints based on the quoted criteria, I am not able to figure out how this can be done on frontend. What are the best practices on that?

To sum up the problem, there are basically two things to resolve:

  1. How to render the menu.
  2. How to render the components on each screen.

Optionally one could think about permitted routes too. Then, a good practice would be to only return from the backend the ACL for the user and determine from it which items to render in the menu and the screens (what will imply to write some kind of mapper between the ACL and the access control and rendering) or would it be better to return more specific information (e.g. the menu structure).

Can I get any advice on this?

  • 写回答

1条回答 默认 最新

  • doudu9652 2016-04-02 08:58
    关注

    Returning permission detail from API should be enough. For eg. On successful login return all permission which are accessible to user and store it in app's local-storage. Later you can use permission to check whether to give user access to menu/component or not. So based on permissions you can show/hide the menu items.

    You can even write a small function which accept one parameter for permission check and it would return true/false based on existence/non-existence. So when ever you require to check permission you can call the permission check function and make decision whether to show/hide the menu item or component.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计