Reputation: 3207
Is there a way to implement permissions in Backbone View
I am currently working on a large application in Backbone. I am posed with the challenge of implementing field level permissions on the form.
One way is to trick the text API of require.js and have it fetch views/partials from the MVC controller and implement permissions on the server side. This way I will get the required HTML (as that will be compiled code returned from the server) that I can render.
Is there any better way to do it in Backbone?
Upvotes: 0
Views: 288
Answers (1)
Reputation: 9436
First off, independent of what you have Backbone do, you must restrict the data being return from the server.
For example, if you have a User object that has sensitive fields like email that are only available to the owner user then the server must be responsible for not sending that information to the client. Likewise, if fields like email are not allowed to be created by random users then the server must filter or validate the client submitted data.
On the client, you will want to control the display based on the same user permissions. I would do this by keying off of either the fact that sensitive data was not returned from the server to begin with or some specifically set flags that indicate a user's permissions.
Upvotes: 4
Related Questions
- handle permissions with backbone
- Declarative Authorization (permissions) for Backbone Views
- Backbone.js Template and View security
- Permissions/ACL in a JavaScript Client Side App
- Activity based permissions with Backbone, API design ideas?
- Backbone restrict routes from user in permission based app
- Backbone.js and role based authorization/potential for client side hacks
- Backbone application with different functionalities by role
- How can I deny users access to parts of my Backbone App if they have not logged in?
- Handling users in a backbone.js app