I have a client-side rendered frontend with a REST API. The frontend should render some elements based on the user's authorization. Example permissions could be
- delete users
- being able to delete supervisors too
- create users
- add users to workflows
- ...
A huge number of permissions are managed by an administrator. My question is:
How would you get to know what permissions you have for this rendered page and what to render?
The only idea that comes to my mind would be to create an API endpoint /user/:id/permissions and ask for every permission the user has. An example response object could be
    [
      {
        "permissionId": 0,
        "description": "Has access to page"
      },
      {
        "permissionId": 1,
        "description": "Can create users"
      },
      {
        "permissionId": 2,
        "description": "Can delete users"
      }
      // ...
    ]
Then I could start rendering my HTML based on these permissions (pseudocode / I normally use Vue.js)
    <button render-if="permissions.contains(1)">This shows up if the user can create users</button>
    <button render-if="permissions.contains(2)">This shows up if the user can delete other users</button>
I think the frontend code might get a bit messy. The API endpoint should be fine but maybe there is a better solution. Does a best-practice solution already exist?
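
An added example, not part of the original post: one way to keep the permission checks from the question in a single client-side helper, with the REST handler repeating the same check so that hiding a button is never the only control. The `PERMISSION` names, `buildAbility`, `visibleButtons`, `requirePermission`, `handleDeleteUser` and the session shape are assumptions; only the ids and the response shape come from the post.

```javascript
// Added example. PERMISSION names and both handlers are hypothetical;
// the ids and response shape follow the post's /user/:id/permissions idea.
const PERMISSION = Object.freeze({ ACCESS_PAGE: 0, CREATE_USERS: 1, DELETE_USERS: 2 });

// Constructed sample response for a user who may view the page and create users.
const sampleResponse = [
  { permissionId: 0, description: "Has access to page" },
  { permissionId: 1, description: "Can create users" },
];

// Client side: parse the response once into a Set and expose a single can()
// helper, so templates call can(PERMISSION.X) instead of scattering raw ids.
// Malformed entries are ignored, so a bad response hides elements (fail closed).
function buildAbility(response) {
  const granted = new Set();
  for (const entry of Array.isArray(response) ? response : []) {
    if (entry && Number.isInteger(entry.permissionId)) granted.add(entry.permissionId);
  }
  return { can: (id) => granted.has(id) };
}

// Server side: the REST handler repeats the check against permissions it
// loaded itself (session/database), never against anything the client sent.
// A hidden button is a display decision; this check is the access control.
function requirePermission(session, id) {
  const ids = session && Array.isArray(session.permissionIds) ? session.permissionIds : [];
  return ids.includes(id);
}

function handleDeleteUser(session, targetUserId) {
  if (!session) return { status: 401 };
  if (!requirePermission(session, PERMISSION.DELETE_USERS)) return { status: 403 };
  return { status: 204, deleted: targetUserId };
}

// Which buttons the page should render for a given permissions response.
function visibleButtons(response) {
  const ability = buildAbility(response);
  return {
    createUser: ability.can(PERMISSION.CREATE_USERS),
    deleteUser: ability.can(PERMISSION.DELETE_USERS),
  };
}
```
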