Question

Background

I have to migrate an existing JavaScript application (one-page app) to ExtJS. The display and behavior of the application depend on the user's permissions.

Current design

The application is divided into plugins, which represent a feature set to which permissions are granted. Each of those plugins consists of a single JavaScript file. A user can have permissions for one or more plugins. Depending on the permissions, those files are loaded in the head of the page. Each of these plugins will add its entries to the main menu and expose the methods used to drive the application.
The permissions are stored in a MySQL database.

ExtJS's default design

In ExtJS, each source file contains a class. During the build process, all .js files are concatenated into one big .js file that contains everything.

What would be the best design approach?

  1. I considered using custom compilation with Sencha Cmd to create a .js file for each plugin. Then I could load these plugins the same way I do now. But this results in a complicated build and deployment process.
  2. I also thought about creating one and only one .js file with a standard Ext build process. I would then load the permissions from the server via Ajax in order to construct the menu. All the objects and methods would exist, but only those for which the user has permissions would be accessible.

In my opinion, the second approach is much more maintainable, but it seems to have a security problem, because everyone could look at the source and find out about the data interfaces exposed on the server and consumed by Ajax.

Any comments, ideas or advice are welcome. Thanks!


Solution

Number two would be the way to go. If you keep your server-side permissions in check (while updating data etc.), you only need ExtJS to show/hide menu items based on permissions. That way, malicious users can turn certain plugins/items on or off, but they can never execute something that requires more permissions than they would normally have.
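A sketch of the split the answer describes, as an added example that is not part of the question or answer: the server checks the stored permission on every call, and the client-side menu filter is purely cosmetic. Plugin names, permission names, the sample permission rows and the request/session shapes are constructed for illustration.

```javascript
// Registry of plugins, each action mapped to the permission it requires
// (constructed names, not the asker's real plugins).
const PLUGINS = {
  reports: { menu: 'Reports', actions: { list: 'reports.read', exportCsv: 'reports.read' } },
  billing: { menu: 'Billing', actions: { list: 'billing.read', refund: 'billing.write' } },
  admin:   { menu: 'Admin',   actions: { listUsers: 'admin.users', deleteUser: 'admin.users' } },
};

// Server side: an in-memory stand-in for the MySQL permission table the
// question describes. Permissions are looked up by session user on every
// request and never taken from anything the client sends.
const USER_PERMISSIONS = {
  alice: new Set(['reports.read', 'billing.read']),
  bob:   new Set(['reports.read', 'billing.read', 'billing.write', 'admin.users']),
};

function authorize(username, plugin, action) {
  const spec = PLUGINS[plugin];
  const required = spec && spec.actions[action];
  if (!required) return { ok: false, status: 404 };       // unknown plugin or action
  const perms = USER_PERMISSIONS[username] || new Set();  // unknown user => no rights
  return perms.has(required) ? { ok: true, status: 200 } : { ok: false, status: 403 };
}

// Simulated request handler. The session identifies the user; the body names
// the plugin action. A hand-crafted request for an action the menu never
// showed still passes through authorize() and is refused with 403.
function handleRequest(session, body) {
  const decision = authorize(session.user, body.plugin, body.action);
  if (!decision.ok) return { status: decision.status, data: null };
  return { status: 200, data: `${body.plugin}.${body.action} executed for ${session.user}` };
}

// Client side (approach 2): every plugin's code ships in the single built .js,
// so the menu is just a filter over the permission list returned by Ajax.
// Hiding an entry here grants nothing; the server decision above is what counts.
function buildMenu(permissions) {
  const granted = new Set(permissions);
  return Object.keys(PLUGINS)
    .filter((name) => Object.values(PLUGINS[name].actions).some((p) => granted.has(p)))
    .map((name) => ({ text: PLUGINS[name].menu, plugin: name }));
}
```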

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow