GWT: Dynamic UI rendering

Question

i'm currently a developing a GWT application, where i want to render the UI dynamically according to user permissions. Say, in my application i have a list of products and the possibility to edit that list (add new products, remove etc.).

I also have users with read only permissions, and users with write permissions. Is it now possible (or is it feasible) to do something like this in my UI classes:

if (user.hasWritePermissions) {
  Button addButton = new Button()
}

So that a user without write permissions don't see the add and remove buttons? Of course i also have permission checks in my backend, but it's convenient, if the user only sees what he can use.

Or are there any other and nicer possibilities with GWT?

Answer 1

• Your approach is fine.
• As with any Java code, you can make use of polymorphism (e.g. an EditableProductListView and a ReadOnlyProductListView)
• Theoretically, you could also do it with deferred binding, but this is a bad use case for it: Ok, it's doable, if you only have two or three types of users. Then you could introduce your own deferred binding property using <define-property name="role" values="readonly,readwrite" />. But the advantages here are probably small (users would download a few code blocks less), while the number of permutations grows exponentially.

Of course, this is all a matter of style. None of the approaches is better or worse security-wise, because the actual permission checks (as you already mentioned, but I'll say it again) must be performed on the server side.

Answer 2

You can also give all "admin"-Button and UI-elements a CSS class. If you set another CSS class to the rootpanel (or another ancestor), all your admin Elements will disappear.

Change property of CSS class in GWT at runtime

body.admin .onlyForAdmin{
    display:block;
}

.onlyForAdmin{
    display:none;
}

But it can't be told often enough: Permission check needs to be server side! (as you mentioned)