A
A
Alexey2018-09-27 13:15:08
JavaScript
Alexey, 2018-09-27 13:15:08

What approaches do you use to generate a template with different access rights?

How clumsy is the data? Is this solution safe?

  1. There are several tables in the database with levels and access rights (Access Control List), respectively, we get a combined access key;
  2. We use express-session to store information about the user, name / access key, etc .;
  3. In the required routes, we pass this key res.render('index', key : session.key});
  4. We form the template based on the received key and give it to the user.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
Abcdefgk, 2018-09-27
@Abcdefgk

In fact, by default, the "key" of the user's role is written to res.locals in the request handler, and the template itself provides options for different roles, which - depending on the role (access rights) - are given for generation based on a simple check like if ( key == 'Admin')...
Actually, this is the same as res.render('index', {key : session.key}); , only "correct".

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question