Hello! I am new to the world of frontend, so please do not judge strictly.
Will develop an application for Angular 2, the appearance of which will depend on the role of the user.
Suppose there is a directory with some objects.
For a user with the Admin role, 2 buttons must be available opposite each entry: edit, delete.
For a user with the role of Editor , 1 button must be available opposite each entry: edit.
For the user with the role of the Reader, there should be no buttons available to modify or delete directory entries.
Accordingly, the question is - how best to implement it?
I have such an idea: The user is authorized by calling the POST /login method, while in response he is returned the rights to all types of application objects to which he has access:
for admin return from server:
[{"someDictionary" : {"read" : "true", "update" : "true", "delete" : "true"} }] for the editor will return from the server:
[{"someDictionary" : {"read" : "true", "update" : "true" } }] for the reader will return from the server:
[{"someDictionary" : {"read" : "true", "update" : "true", "delete" : "true"} }] Further, on the basis of the received array of user rights, we show or hide components on the UI (+ of course, checks on the backend).
From the above option, I see such cons
- In case of a change of rights, the user will be able to use new rights only after the re-login.
- I feel that I reinvent the wheel.
Is there a better way to implement what is described above? Tell me please.
