I am trying to manage access permissions (Laravel and Backbone.js based SPA) on both roles & subscription types.
Although it is simple to control access to API endpoints based on the quoted criteria, I am not able to figure out how this can be done on frontend. What are the best practices on that?
To sum up the problem, there are basically two things to resolve:
- How to render the menu.
- How to render the components on each screen.
Optionally one could think about permitted routes too. Then, a good practice would be to only return from the backend the ACL for the user and determine from it which items to render in the menu and the screens (what will imply to write some kind of mapper between the ACL and the access control and rendering) or would it be better to return more specific information (e.g. the menu structure).
Can I get any advice on this?