Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
sejbr446y@Santaclauze
Based on this https://github.com/marmelab/...
If I understand correctly it just requests the data and processes what has been returned or not returned if the access was denied? As in my second example?
Would that work well if the page contains a lot of prechecks to render a huge menu with a bunch of authorization based entities for example?
I'd assume it could generate about 15-30 requests. Would the .then suffice and not slow the app down too much? -
@sejbr they use permissions which are set in the context i believe. That blocks the rendering id permissions or authorization is not valid. To be honest i did not compltely understand your question, but i thought this project may be of help.
-
@sejbr you can pass your own menu via a props and filter what parts of the menu are displayed depending on permissions. Check their Admin component and the permissions section.
Related Rants
!rant
Got a question since I've been working with ancient web technologies for the most part.
How should you handle web request authorization in a React app + Rest API?
Should you create a custom service returning to react app what the user authenticated with a token has access to and create GUI based on that kind of single pre other components response?
Should you just create the react app with components handling the requests and render based on access granted/denied from specific requests?
Or something else altogether? The app will be huge since It's a rewrite off already existing service with 2500 entities and a lot of different access levels and object ownerships. Some pages could easily reach double digits requests if done with per object authorization so I'm not quite sure how to proceed and would prefer not to fuck it up from the get go and everyone on the team has little to no experience with seperated frontend/backend logic.
question
php
authorization
react
api
rest