Application based on multiple authorization profiles [closed]

0

I have a handful of doubts about an interesting scenario, and I hope you can give me a little help.

I'm using the ng-token-auth package for authentication and the angular-permission package for permissions control. My Rails backend is configured with devise_token_auth for authentication, pundit for authorization and rolify for multiple profiles.

I need to deploy and configure roles and permissions for my frontend using the angular-permission package, and at this point I do not know the best way to do this.

Should I pass the rules and permissions along with the user's session? This issue explains a little of how it should be.

I would like your opinion and experience.

    
asked by anonymous 14.10.2016 / 13:44

1 answer

2

From what I saw in the angular-permission documentation, the permission check is asynchronous, so you can either run with local data or make a request to the server about the permission.

Permissions are server security, but this data is important in the view, so it will depend a lot on how your project is and how complex your roles and permissions are.

In general, I always leave frontend rules in the frontend. In that case I would create a service responsible for acquiring and storing these roles to be defined in angular-permission, looping over that data, setting them all quickly and updating when required. But if there are many rules, this file can end up getting large and taking up both memory and processing in your application (this can be a problem especially if you also have mobile users).

If this is a problem, change the strategy and make the requests to the server for each case (adding the permissions on demand). You will lose speed (there will be more requests) but will use less memory, and it will make your project a bit more complex.

In the end you will have to weigh things up to decide what would be the best solution for your problem, but if possible try to leave this data in the frontend (it will make your project simpler and development more dynamic).

    
15.10.2016 / 17:21
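The service the answer describes could look like the sketch below. It is an added example, not code from the question or the answer. It assumes the backend returns the current user's role and permission names in a payload of the shape shown in the first comment (a constructed format), and that the injected stores expose `clearStore`, `definePermission` and `defineRole` as angular-permission's `PermPermissionStore` and `PermRoleStore` do. These definitions only drive what the view shows; pundit on the Rails side still has to authorize every request.

```javascript
// Added example. Assumed session payload (constructed, not a devise_token_auth format):
//   { roles: ['editor'], permissions: ['post:edit'] }
// permStore / roleStore stand for angular-permission's PermPermissionStore and
// PermRoleStore; they are passed in so the function also runs outside Angular.
const NAME = /^[A-Za-z][\w:.-]{0,63}$/;

function cleanNames(list) {
  // Fail closed: anything that is not a well-formed name is dropped.
  if (!Array.isArray(list)) return [];
  return [...new Set(list.filter((n) => typeof n === 'string' && NAME.test(n)))];
}

function syncPermissions(permStore, roleStore, session) {
  // Clear first so grants from a previous user or session never linger.
  permStore.clearStore();
  roleStore.clearStore();
  const data = session || {};
  const granted = new Set(cleanNames(data.permissions));
  const roles = new Set(cleanNames(data.roles));
  // Each validator closes over its own name, so it does not depend on the
  // argument order the library passes to validation functions.
  granted.forEach((p) => permStore.definePermission(p, () => granted.has(p)));
  roles.forEach((r) => roleStore.defineRole(r, () => roles.has(r)));
  return { permissions: [...granted], roles: [...roles] };
}

// Minimal in-memory stand-in for the two stores (constructed for offline runs).
function makeStubStore() {
  const defs = {};
  const define = (name, fn) => { defs[name] = fn; };
  return {
    defs,
    clearStore() { Object.keys(defs).forEach((k) => delete defs[k]); },
    definePermission: define,
    defineRole: define,
  };
}
```

In an Angular service, call `syncPermissions(PermPermissionStore, PermRoleStore, payload)` after each successful sign-in or token validation, and with `null` on sign-out.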