How to safely implement roles in a React app?
Good day.
The application can have admins and users. For them, the functionality and some markup areas are different. Accordingly, the question arose, how to securely and elegantly differentiate access? The question is not about routing, but about storing the role (as long as the authorization token is stored).
If I save the role locally and the user changes it, at least the admin markup will open to him (for example, there will be menu items that are available only to administrators). The server, of course, will return 403 when trying to knock on a closed section, but I don't want to reveal to the average user what the administrators see.
If only the token is stored locally, and the role is in the state, then it turns out that every time the application starts, I will have to knock on the server and request permissions, and based on the data received, render the required set of components. Isn't it too redundant?
As is usually done in such situations, what is the most elegant way?
Thanks in advance.
When a user logs in, ask the server for user rights and save them, then check for isAdmin in the output places.
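The approach in the answer, as an added example that is not part of the original thread: the token stays in storage, while the rights come from the server on login and on each app start and live only in memory, so editing local storage cannot switch on the admin menu. `MENU`, the storage key `token`, the `{ isAdmin }` response shape and the `fetchRights` callback are assumptions for illustration.

```javascript
// Added example. MENU, the storage keys and the { isAdmin } response shape are assumptions.
const MENU = [
  { id: "profile", adminOnly: false },
  { id: "orders", adminOnly: false },
  { id: "users", adminOnly: true },
  { id: "audit-log", adminOnly: true },
];

// Least privilege: anything other than a literal `true` from the server is "not admin".
function rightsFromServer(body) {
  return Object.freeze({ isAdmin: Boolean(body) && body.isAdmin === true });
}

function createSession(storage) {
  let rights = null; // memory only: never written to or read from storage

  return {
    // Call on login and on every app start; fetchRights(token) is the
    // caller-supplied request to the backend (hypothetical, e.g. GET /api/me).
    async start(fetchRights) {
      rights = null;
      const token = storage.getItem("token");
      if (!token) return false;
      try {
        rights = rightsFromServer(await fetchRights(token));
        return true;
      } catch (err) {
        storage.removeItem("token"); // rejected or expired token: back to logged out
        return false;
      }
    },
    setRights(body) { rights = rightsFromServer(body); },
    isAdmin() { return rights !== null && rights.isAdmin; },
    // Until the server has answered, only non-admin items are returned.
    menu() {
      const admin = this.isAdmin();
      return MENU.filter((item) => admin || !item.adminOnly).map((item) => item.id);
    },
  };
}

// Constructed stand-in for window.localStorage so the example runs under Node.
function memoryStorage(initial) {
  const data = new Map(Object.entries(initial));
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    removeItem: (k) => { data.delete(k); },
  };
}
```

In a React component the object returned by `createSession` would sit in state or context, with `start` called once on mount. The admin components themselves are still part of the downloaded bundle unless they are loaded separately, and the server's 403 remains the actual access control.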