Hi,
I'm working on an app that uses JS heavily on the client side. At times some
objects may have different permissions depending on the user but since I'm
getting their JSON content and not something produced by DRYML I need a way to
tailor them to the user's permissions on the client. I've been thinking of
several ways to handle this and before I embark upon one I was wondering if
anyone had experience with this and some suggestions.
Option 1 is to have every single model expose some form of
"/foo/:id/permissions" and "/foo/permissions" web method which would return
something like { "create": true, "update": true, "destroy": false } (view
shouldn't be needed). This would probably work, but it feels clunky. I probably
would end up having to cut and paste or hand-edit routes to match what I have.
Option 2 is to use a single location which can be queried as
"/permissions/:model[/:id]" and would return essentially the same thing. This
seems less invasive but I'd still have to make multiple requests for create (on
the model) and update/delete (on an ID).
Option 3 is to specify permissions in JSON and have the same permission
description loaded on both sides. This loses expressivity but I think I can
live with that.
Any thoughts?
--
Robin Berjon
Robineko (http://robineko.com/)
Twitter: @robinberjon
--
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/hobousers?hl=en.