How to pass permission/authorization data to client side JavaScript?

I have a JavaScript web application almost totally rendered client side. The data is exchanged between client and server using models through a REST interface, then rendered using client side templates.

I now need to conditionally render some parts of the UI (or execute some operations) based on the user role/permission (authorization is server side model based ACL).

What is the best way to communicate permission data from server to client, taking into account that:

  1. The models exchanged may have other embedded models with their specific permissions
  2. I also need to know READ and CREATE permissions on different models (so the model object is not yet available client side)
  3. Should minimize REST calls and DB calls

Answers


Your client should present controls to the user based on information returned by the server on a per-request basis. If the response from the server includes some information intended to be used to perform an action, the client should take that hint and maybe enable a button or make it visible or something.

Using this approach, you can define your ACL in terms of resource/privilege -- this model + that HTTP method. When the server is about to return a representation of a resource, it can include any options the user should see for that resource by polling the ACL for all privileges the user possesses for that resource (or others, like children/descendant resources).
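
The approach in the answer above, sketched as an added example that is not part of the original answer: the server attaches the user's privileges to each representation (including embedded models) and exposes type-level hints for READ/CREATE, while still running the real check on every request. The `ACL` table, the `_allowed` field and all function names are hypothetical, and the ACL is simplified to role + resource type rather than per-model entries.

```javascript
// Constructed ACL: role -> resource type -> allowed HTTP methods (hypothetical data).
const ACL = {
  editor: { article: ['GET', 'POST', 'PUT'], comment: ['GET', 'POST', 'DELETE'] },
  viewer: { article: ['GET'], comment: ['GET', 'POST'] },
};

// Server side: all privileges the user holds on a resource type (copy, so callers cannot mutate the ACL).
function allowedMethods(user, type) {
  const byType = ACL[user.role] || {};
  return [...(byType[type] || [])];
}

// Server side: the authoritative check. It runs on every request; the hints
// sent to the client only drive rendering and are never trusted on the way back.
function authorize(user, type, method) {
  return allowedMethods(user, type).includes(method);
}

// Server side: build a representation with hints for the model and its embedded
// models in one pass, so the client needs no extra REST call per permission.
// `embedded` maps a field name to the resource type of the models it contains.
function represent(user, type, model, embedded = {}) {
  if (!authorize(user, type, 'GET')) return null; // unreadable models are omitted
  const out = { ...model, _allowed: allowedMethods(user, type) };
  for (const [field, childType] of Object.entries(embedded)) {
    out[field] = (model[field] || [])
      .map((child) => represent(user, childType, child))
      .filter(Boolean);
  }
  return out;
}

// Server side: type-level hints for READ/CREATE, where no model instance exists
// yet on the client. Can be sent once, e.g. with the session bootstrap response.
function capabilities(user, types) {
  return Object.fromEntries(types.map((t) => [t, allowedMethods(user, t)]));
}

// Client side: decide whether to render a control from the hints received.
function can(hints, method) {
  return Array.isArray(hints) && hints.includes(method);
}
```

A template would call `can(model._allowed, 'PUT')` before showing an edit button; a request that bypasses the UI is still rejected by `authorize` on the server.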

