How to implement permissions in api?

D

Dos2019-11-20 04:27:26

symfony

Dos, 2019-11-20 04:27:26

I want to implement validation on frontend Vue. For example, it is that if the user has permission to manage members, then we display the "Manage" button. In symphony it would look something like this:

{% if is_granted('ROLE_MANAGE_MEMBERS') %}
            {% if member %}
                <a href="{{ path('members.show', {'id': member.id}) }}" class="btn btn-primary">View Member</a>
            {% else %}
                <a href="{{ path('members.create', {'id': user.id}) }}" class="btn btn-primary">Create Member</a>
            {% endif %}
        {% endif %}

Symphony is clear. But since there is a separate application on vue that is used independently of the api on symphony. That raises the question. How do I manage user permissions? There can be many such checks. If the person is an admin, then we show him the editing buttons. Or you can edit it by admins, project managers, and so on.
How to do it in api?
I have only two options: it is to create a new method in the api that will check permissions. Or pass permissions when requesting to api as a separate array. How right? How is it usually done?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Anton, 2019-11-20
@karminski

Permissions should arrive in response to a user authorization request. Then we store them in an object with a user profile on the front.