Hi,

I'm working on an app that uses JS heavily on the client side. At times some 
objects may have different permissions depending on the user but since I'm 
getting their JSON content and not something produced by DRYML I need a way to 
tailor them to the user's permissions on the client. I've been thinking of 
several ways to handle this and before I embark upon one I was wondering if 
anyone had experience with this and some suggestions.

Option 1 is to have every single model expose some form of 
"/foo/:id/permissions" and "/foo/permissions" web method which would return 
something like { "create": true, "update": true, "destroy": false } (view 
shouldn't be needed). This would probably work, but it feels clunky. I probably 
would end up having to cut and paste or hand-edit routes to match what I have.

Option 2 is to use a single location which can be queried as 
"/permissions/:model[/:id]" and would return essentially the same thing. This 
seems less invasive but I'd still have to make multiple requests for create (on 
the model) and update/delete (on an ID).

Option 3 is to specify permissions in JSON and have the same permission 
description loaded on both sides. This loses expressivity but I think I can 
live with that.

Any thoughts?

-- 
Robin Berjon
  Robineko (http://robineko.com/)
  Twitter: @robinberjon



-- 
You received this message because you are subscribed to the Google Groups "Hobo 
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/hobousers?hl=en.

Reply via email to