duanpaxin3531 2015-10-23 04:36
浏览 58
已采纳

单页应用程序的访问控制列表

I am trying to manage access permissions (Laravel and Backbone.js based SPA) on both roles & subscription types.

Although it is simple to control access to API endpoints based on the quoted criteria, I am not able to figure out how this can be done on frontend. What are the best practices on that?

To sum up the problem, there are basically two things to resolve:

  1. How to render the menu.
  2. How to render the components on each screen.

Optionally one could think about permitted routes too. Then, a good practice would be to only return from the backend the ACL for the user and determine from it which items to render in the menu and the screens (what will imply to write some kind of mapper between the ACL and the access control and rendering) or would it be better to return more specific information (e.g. the menu structure).

Can I get any advice on this?

  • 写回答

1条回答 默认 最新

  • doudu9652 2016-04-02 08:58
    关注

    Returning permission detail from API should be enough. For eg. On successful login return all permission which are accessible to user and store it in app's local-storage. Later you can use permission to check whether to give user access to menu/component or not. So based on permissions you can show/hide the menu items.

    You can even write a small function which accept one parameter for permission check and it would return true/false based on existence/non-existence. So when ever you require to check permission you can call the permission check function and make decision whether to show/hide the menu item or component.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥25 关于##爬虫##的问题,如何解决?:
  • ¥15 ZABBIX6.0L连接数据库报错,如何解决?(操作系统-centos)
  • ¥15 找一位技术过硬的游戏pj程序员
  • ¥15 matlab生成电测深三层曲线模型代码
  • ¥50 随机森林与房贷信用风险模型
  • ¥50 buildozer打包kivy app失败
  • ¥30 在vs2022里运行python代码
  • ¥15 不同尺寸货物如何寻找合适的包装箱型谱
  • ¥15 求解 yolo算法问题
  • ¥15 虚拟机打包apk出现错误