Reputation: 181
We have chosen a REST-based architecture for a new web-based application. The entire platform is exposed in the form of a RESTful service so that any UI (web/mobile) can be built on top of it. So, the application is in 3 layers: the DB, the application layer (this just exposes RESTful services), and the UI (currently an HTML5/CSS/JavaScript-based UI consuming web services).
This application also has role-based access and hence the UI has to be designed based on the role. Is it a good idea for a web service to return the set of privileges in a service response and then use it in JavaScript to build the UI?
UI variations for roles can be as follows:
Main menu might change based on the role
Tabs have to be controlled based on roles
Most of the pages in the application are widget based, and display of widgets is again tagged to roles
Once again, I would like to know if this is the right idea to go ahead with. Please suggest.
Upvotes: 4
Views: 1727
Reputation: 11495
To follow the HATEOAS (Hypermedia As The Engine Of Application State) constraint, you should have the REST service itself provide what state transitions (i.e. links) are valid for the "application state", which includes any particular logic about what navigation, tabs, etc. are available based on the role(s) of the user.
As such, your resources should be designed in such a way that they can return results that are specific to your logged in user.
E.g. (using HAL as the hypermedia type)
GET /users/123/navigation
{
    "_links": {
        "http://api.service.com/rels/home": { "href": "/", "title": "Home" },
        "http://api.service.com/rels/admin": { "href": "/admin", "title": "Admin" }
    }
}
Doing so keeps the business logic of "what roles can do what" in the service, which is really where that logic belongs.
Upvotes: 2
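The approach in the answer above, as an added example that is not part of the original answer: one server-side policy table produces the role-filtered HAL navigation document and also authorizes each request, so the links the UI renders are a convenience while the service remains the enforcement point. The role names, the `POLICY` table, the sample users and all function names are assumptions made for illustration; only the link relations and hrefs come from the answer.

```javascript
const RELS = "http://api.service.com/rels/";

// Constructed policy (assumption): which roles may follow each link relation.
const POLICY = [
  { rel: RELS + "home",  href: "/",      title: "Home",  roles: ["user", "admin"] },
  { rel: RELS + "admin", href: "/admin", title: "Admin", roles: ["admin"] },
];

// Default deny: a user object without a roles array matches nothing.
function allowedEntries(user) {
  const roles = Array.isArray(user && user.roles) ? user.roles : [];
  return POLICY.filter((e) => e.roles.some((r) => roles.includes(r)));
}

// Body for GET /users/{id}/navigation: only the links this user may follow.
function navigationFor(user) {
  const links = {};
  for (const e of allowedEntries(user)) {
    links[e.rel] = { href: e.href, title: e.title };
  }
  return { _links: links };
}

// Enforcement on every request, using the same policy. A client that ignores
// the navigation document and requests /admin directly still gets 403.
function authorize(user, path) {
  const entry = POLICY.find((e) => e.href === path);
  if (!entry) return 404;
  return allowedEntries(user).includes(entry) ? 200 : 403;
}

// Client side: build the menu purely from the links the service returned.
function renderMenu(navigation) {
  return Object.values(navigation._links).map((l) => `${l.title} -> ${l.href}`);
}

// Constructed sample users (assumption).
const alice = { id: 123, roles: ["admin"] };
const bob = { id: 456, roles: ["user"] };

console.log(renderMenu(navigationFor(alice)));
console.log(renderMenu(navigationFor(bob)));
console.log("bob GET /admin ->", authorize(bob, "/admin"));
```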
Reputation: 4870
For that you need to store all the menu options, widgets and page names in the database and also load the menu at runtime (i.e. your first request sends the role and gets the menu from the server).
You can easily create a role-based REST architecture and also provide security for RESTful services.
Upvotes: 0