How to create admin user or super user in React-Redux application?

Question

I currently have a React-Redux Application.

I want to create an admin user in React-Redux.

If I create a state with userAdmin true or false will users be able to access the state and change this value? That is to say, is this a secure method of creating such access?

I am using webpack to create a bundle.js, and have a node.js server for serving data that is secured using JWTs.

Furthermore, is there a standard or semi-standard pattern for creating an admin user in a react-redux application?

My thoughts on this are:

1. Create a separate app for admin user management.

2. Create a state for the admin user and if that state is true then query the serverAPI for any admin action. But show the admin capability only if that state is true eg. delete other users, view details of users, but do not serve that data without an authorised API call. Then if the state is changed surreptitiously the user can only see the actions but is not able to access the API without the required authorisation.

Answer 1

tldr: your thoughts are correct

You are right in the assumption that the user could manipulate the state of the client side app to escalate her privileges. However, that shouldn't give any useful benefits if your architecture is done right.

Data that only admins should have access to shouldn't be transmitted to a regular user in the first place and changes that only admins should be able to do should only be accepted with JWTs that identify admin users.

Right management is something that has to happen server side. The client app just reflects that in the UI.