I have a react app, an object with permissions comes from the backend and depending on the user's role or selected permissions, the user has access to one or another functionality in different components(buttons, certain table cells, etc.)
What is the best way to implement this functionality on the front-end side? I thought that you can use a certain service that will accept all permissions and, using the API context. For example, already scatter them throughout the application, depending on the component. Is this the normal way and how can you do it better?
I have a little silly sketch of how I see it, I would like to know how to do it better.
https://codesandbox.io/s/modest-joliot-nkur7?file=/src/App.js
Scattering any logic through out an application sounds like a poor design choice for any feature. Instead you should have centralized code that does this. For example, this could be a function that you can call as needed such as hasPermission().
Related
I am working on an app which touches sensitive information, like money.
We have some calculators, and we want to prefill the values with whatever the user has entered last. Apart from increasing UX, we don't need those. But we cannot store it in web storage or cookie because of security.
We have
a JS frontend,
an API Gateway backend that is supposed to be "stupid", so it only handles authentication and sending messages to to corresponding services
some services that actually care about the business logic
These possibilities come to mind and I cannot decide which I should do (and foremost: why)
Add a table in backend, that is a catch all for implementing cookie-like functionality in backend
Add a specific table in the service it fits the most
Use a key value store in backend (don't know about this, a coworker put it out there)
As i read your requirements it seams that this is kind of a defaulting including some business logic (stupid or smart). Personally i see defaulting as part of business logic and based on this it's part of the service which cares about this functionality.
Add a table in backend, that is a catch all for implementing cookie-like functionality in backend
This sounds like a generic solution for a pretty generic requirement. what do you wanna achieve with this?
Add a specific table in the service it fits the most
Sounds reasonable especially because you put it there where it belongs. Does it have to be a table? why not calculate or copy the values on runtime?
Use a key value store in backend (don't know about this, a coworker put it out there)
This is maybe a technological decision but first you need a design decision.
I have a WPF Application where I register many users in my apps inner Data Base. I have many classes that would like to query which user is logged in currently.
I wonder which is the best architecture for this kind of scenario.
So far I can think of:
A Singleton object storing the current logged in User.
Use Dependency Injection and pass an object containing all the login information for every class that needs it (and to some classes that won't need it directly, but might have to pass it along to another one later).
Singleton has its disadvantages, and DI could lead to many dependencies being shared all over the place and could be a maintenance nightmare on the furniture. I wonder if there is a better solution for this issue.
I've been following the examples in the book "MEAN Machine", and I've implemented a simple token-based authentication system that makes the contents of a certain model only available to authenticated users.
I'd like to take this to a more complex level: I need three different user types.
I am building an app where some users (let's say, vendors) can upload certain data that could only be accessible to certain authenticated users (let's say, consumers), but vendors also need to be able to see, but not edit data uploaded by other vendors. Then, there would be a third type of user, the admin, who would be able to edit and see everything, including the details of other, lower level users.
How should I proceed in constructing this?
Thanks in advance for your help.
As you mentioned that the authentication system is already working and now you need to implement Access List Control. The ACL end implementation depends a lot on your database model and requirements. There are also Node modules which have the support for more advanced models like this acl module https://www.npmjs.com/package/acl, supports also MongoDB.
I'm a beginner AngularJS user. I've been trying to pull hard coded JSON (backend and server data not ready) currently. It seems that in order to pull data, for instance when using the very common ng-repeat, I need to know the database structure (as the rendered JSON will mirror that structure, right?).
So while I can code independently of the back end, am I correct in my assumption that I must know the database structure? For instance... I might want to pull user comment data. This could be in its own database and I might do this: ng-repeat='comment in comments' and filter for the specific user within each comment entry in database. Whereas if comments are only within a user table it would be ng-repeat='comment in user[0].comments'. I would imagine the former is the correct approach but I honestly have never learned about proper database structure. It seems that it is something you must know in order to properly implement AngularJS though.
Any help is appreciated. I really want to make sure I approach things properly. Thanks!
I don't think you need to (or should) know the database structure. AngularJS is an MVC framework. A basic principle in this architecture is the separation of concerns. Simple put: do not mix stuff, but more specifically, you're talking about the communication between two systems: a local one (the browser running angularJS) and the remote one (a server that might, or might not, be the same that served the angular files to the client)
For example, your view should not be accessing your database (if you were working with, say, PHP, you should not have things like mysql_query(...) in a view).
You should also design components to be loosely coupled: make them as independent as possible. Unit tests help you think that way and AngularJS is particularly unit-tests-friendly with karma. Following this principle, what if you use the twitter API to show tweets in your angularJS application? you don't need to know about the internals of twitter. There is an API that serves this JSON in a format that you can use.
Your backend should provide this (for example, with a façade controller), and you should agree with the backend team what data will be available.
Instead of making your design depend on the database structure, make the backend API depend on your requirements. this way you'll have two systems loosely coupled and the backend team can do whatever they want without affecting you. For example, changing the DBMS or the structure of the tables.
If you want to pull comments, you might have a remote call ($http or ng-resource) that gets all the comments for a specific user (or for a few users, because you might want to minimize the number of remote calls) in a service or in a controller. The server responds with a json file that represents this (and probably some more things that will be needed soon, like profile picture urls, user id's, etc). Then you put the data you want to expose to a view (a subset of what you fetched from the server) in $scope.
I am going to be creating a work order system with three roles
The "client" - The client can request projects to be completed by the worker. The project must be selected from a list of templates and various sub options all referred to as a campaign (campaign types come and go throughout the year)
The worker - The worker must be able to view work orders and mark them as accepted/rejected, work in progress and completed.
The overlord - He/She needs to see stats concerning the activity of the other two types of users.
So.
This is a web app. But a very simple one in terms of logic. Could something like drupal handle this? Or would I have to write my own modules? The other out of the box aspects of drupal make it attractive (admin, user creation, news feeds, etc...)
I have looked at Views and Webforms. Views seems great for querying and displaying data from the work order database (great for a portion of all three roles), but I am not clear as to how I interface with my work order database when creating and modifying work orders.
Webforms doesn't see to be the answer, I am sure I just missing something right under my nose.
Any hints in which direction to look would be great!
Thanks.
If you use a simpler, less powerful CMS, you may save time with the learning curve but lose time struggling with a less flexible framework. Also: Check how active the developer community is when evaluating Open Source software. You'll need support.
Views and Webforms may be tools that you'll end up using but what you're really talking about is work flow. You could build your own work flow with a combination CCK and views, yes. There are also work flow modules.
Are you and IRC user? See: http://drupal.org/irc
I am pretty certain that you can do this with drupal. I would suggest looking into using an easier CMS than drupal for something simple like this. Using something like MediaWiki for this application might be quicker to develop and have less of a learning curve. If you don't mind putting in the time to learn drupal, I think you will ultimately have more freedom.
First of all, don't underestimate Drupal's learning curve. Especially if your PHP and/or programming skills are relatively new. Drupal does a lot of things in it's own way, and it's good to know that way.
Secondly, Drupal is (imho) made first of all for outward facing sites, it can have a lot of stuff just for the users and not for the public, but a lot of its functionality is made for the CMS part of the system. You might consider using a more framework-style system like Zend Framework, which components are a bit more "loose" but also offers less functionality out of the box.
Thirdly, depending on what a work order is and how it should be treated a custom module could be needed. If a workorder has a really simple datamodel, it could probably be done without programming, but if it is complex you'll have to fire up your favorite editor. Don't worry, making a module sounds scarier than it really is.
I don't know how good your knowledge of drupal is, but to me this has CCK and Views2 and user roles written all over it.
Basically, use CCK to create your content types (remember the user reference field might come in handy to assign a node/record to a particular user)
Then create views for each user group (they could be shared, as you can assign them to more than one role type)
Creating a view where you filter the cck user reference field by the user looking at the screen may also come in handy here.
OKAY, there might be a little bit more to it than that, but what you want is doable.
UPDATE: To protect your site from unwanted eyes, check out the site security module as it puts a security wrapper around all of your website.
Views - Create lists - allow access by user roles
CCK - Define your own content types (add your own fields)