How to properly render moderator buttons?
There is a site that uses a system of rights and ranks so that moderators can interact with users. In some publicly accessible places on the site, you need to draw buttons that are responsible for the actions of moderators.
The backend of the site needs to provide a RESTful API for data access, so you want to render with JS, most likely using React.
Actually, the question itself is: how to implement the rendering of the admin / moderator components so that the user has as few opportunities to interfere with it as possible (ideally, I would like such an opportunity not to exist at all, even if someone starts studying js files).
What difference does it make how you draw them? You will still process requests on the backend.
Even if the user finds the button, let's say "ban the user", let him send this request to the server at least 10 times - you must have a check on the server that this user is not a moderator and such a request cannot be executed by him.
In any case, whether or not you add admin logic to the default client code, if there are vulnerabilities in REST, they will be found someday.
If you have something to hide and it promises big financial losses - hide it.
If you do not have large (critical) losses from project downtime for an hour, this is an excess that money will be spent on (developer time), but in reality this is not necessary.
If this is a requirement of the customer: explain to him that such an approach to tasks will increase costs by 2 times, but there is no real need for this and his desire will immediately disappear somewhere.
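The server-side check the answers describe, as an added example that is not part of the original thread: the role comes only from the server's own session record, so a request sent by a non-moderator is rejected no matter which buttons the client rendered. The handler name, the route in the comment, the tokens and the sample users are all hypothetical and constructed for illustration.

```javascript
// Constructed sample data: sessions and roles are stored on the server only.
const SESSIONS = new Map([
  ["tok-mod", { userId: 1, role: "moderator" }],
  ["tok-user", { userId: 2, role: "user" }],
]);
const USERS = new Map([
  [1, { name: "mod", banned: false }],
  [2, { name: "alice", banned: false }],
  [3, { name: "bob", banned: false }],
]);

// Permission table kept server-side; a Map avoids prototype-key lookups.
const PERMISSIONS = new Map([
  ["moderator", new Set(["user:ban"])],
  ["user", new Set()],
]);

function can(session, action) {
  if (!session) return false;
  return PERMISSIONS.get(session.role)?.has(action) ?? false;
}

// Hypothetical handler for something like POST /api/users/:id/ban.
// req.body is never consulted for identity or role.
function handleBan(req) {
  const session = SESSIONS.get(req.token);
  if (!session) return { status: 401, body: { error: "not authenticated" } };
  if (!can(session, "user:ban")) {
    return { status: 403, body: { error: "forbidden" } };
  }
  const target = USERS.get(req.targetId);
  if (!target) return { status: 404, body: { error: "no such user" } };
  target.banned = true;
  return { status: 200, body: { banned: req.targetId } };
}

// What the API can tell the React client to render. This is a UI hint
// derived from the same table, not the thing that enforces access.
function visibleActions(token) {
  const session = SESSIONS.get(token);
  return session ? [...(PERMISSIONS.get(session.role) ?? [])] : [];
}
```

Whether the moderator components ship in the default bundle or a separate one only changes what a user can read; `handleBan` returns 403 either way.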