Application based on multiple authorization profiles

0

I have a handful of doubts about an interesting scenario, and I hope you can give me a little help.

In an Angular application I am using the ng-token-auth package for authentication and the angular-permission package for permission control. My Rails backend is configured with devise_token_auth for authentication, Pundit for authorisation and rolify for multiple profiles.

I need to implement and configure roles and permissions for my frontend using the angular-permission package, and at this point I don't know the best way to do it.

Must I pass the rules and permissions along with the user session? This issue explains a little of how it should be.

I would like your opinion and experience.

1 answer

2


From what I saw in the angular-permission documentation, the permission check is asynchronous, so you can either run with the local data or make a request to the server about the permission.

Permissions are server security, but this data is important in the view, so it will depend a lot on how your project is doing and how complex your roles and permissions are.

Generally speaking, I always leave frontend rules on the frontend. In this case I would create a service responsible for acquiring and storing these roles to be defined in angular-permission, looping over the data, setting them all up quickly and updating when necessary. But if there are too many rules, this file can end up getting big and taking up both memory and processing in your application (this can be a problem especially if you also have mobile users).

If this is a problem, change the strategy and make requests to the server for each case (adding the permissions on demand). You will lose speed (you will have more requests), but it will take less memory and will make your project a little more complex.

In the end you will have to weigh it up to decide which would be the best solution to your problem, but if possible try to leave this data on the frontend (it will make your project simpler and development more dynamic).
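The two strategies described in the answer above (load everything once, or ask the server per permission and keep the result), as an added sketch that is not part of the original answer and is not angular-permission's own code. `PermissionCache`, `fakeFetch` and the permission names are hypothetical; the promise returned by `check()` only decides what the view shows, while the Rails backend still authorises every request.

```javascript
// Added example. PermissionCache and fakeFetch are hypothetical names; fetchOne
// stands in for a request to the backend, which remains the real enforcement point.
class PermissionCache {
  constructor(fetchOne) {
    this.fetchOne = fetchOne; // (name) => Promise<boolean>
    this.cache = new Map();   // name -> Promise<boolean>
    this.complete = false;    // true once the full list has been preloaded
    this.requests = 0;        // server round trips, to compare the strategies
  }
  // Strategy 1: register everything delivered with the user session in one loop.
  preload(names) {
    this.cache.clear();
    for (const name of names) this.cache.set(name, Promise.resolve(true));
    this.complete = true;
  }
  // Asynchronous check. Strategy 2 (on demand) runs when nothing was preloaded.
  check(name) {
    if (this.cache.has(name)) return this.cache.get(name);
    if (this.complete) return Promise.resolve(false); // not in the full list: deny
    this.requests += 1;
    const pending = Promise.resolve()
      .then(() => this.fetchOne(name))
      .then((granted) => granted === true)
      .catch(() => { this.cache.delete(name); return false; }); // fail closed, retry later
    this.cache.set(name, pending); // concurrent checks share one request
    return pending;
  }
  // Call on logout or when the user's roles change.
  reset() { this.cache.clear(); this.complete = false; }
}

// Constructed sample data: what the server would answer for one user.
const SERVER_GRANTS = { 'posts.edit': true, 'posts.delete': false };
function fakeFetch(name) {
  return name in SERVER_GRANTS
    ? Promise.resolve(SERVER_GRANTS[name])
    : Promise.reject(new Error('unknown permission'));
}

async function demo() {
  const onDemand = new PermissionCache(fakeFetch);
  const names = ['posts.edit', 'posts.edit', 'posts.delete', 'admin.panel'];
  const results = await Promise.all(names.map((n) => onDemand.check(n)));
  const preloaded = new PermissionCache(fakeFetch);
  preloaded.preload(['posts.edit']);
  const local = await Promise.all([preloaded.check('posts.edit'), preloaded.check('admin.panel')]);
  return { results, requests: onDemand.requests, local, localRequests: preloaded.requests };
}
demo().then((r) => console.log(r));
```

The on-demand instance makes three requests for four checks because the repeated name shares one pending promise; the preloaded instance makes none and denies anything missing from its list.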
