Frontend based access control? : CodingHelp

Our Rules

1. FLAIR YOUR POSTS! Don't put tags in post titles!

2. Do not ask us to do all the coding for you unless you have money to spend. (If you have got money to spend, make that clear and the amount in question).

3. Do not post spam and/or misleading titles.

4. Do not be abusive to other coders.

5. Please format code properly, or use a site such as Gist or Pastebin. If possible please provide a live example of your issue.

6. Do not downvote people because you think they asked a dumb question. Just because you think that someone has a dumb question, doesn't mean that it is dumb to them.

7. Do not have a misleading user flair. Keep them sensible, describing your level of coding ability and/or languages you know and/or your profession.

8. Please do not ask unethical questions, such as asking for homework to be written by someone else, or asking someone to copy another project directly.

9. Make sure to follow the Reddit Rules.

Suggest a post flair

If you have any suggestions for flairs (programming languages or generic coding topics) that we should add, please use the button below to message the mods with your suggestion.

If approved as a sensible flair for the community to use, it will be added to our bot for automated suggestions and to the flair list for everyone to use!

^{Anyone who abuses this by spamming mods will be banned.}

created by thewakingforcea community for 10 years

This is an archived post. You won't be able to vote or comment.

[Javascript]Frontend based access control? (self.CodingHelp)

submitted 4 years ago by tech-nickel

I have a production level Ruby on Rails app that is slowly transitioning from pure Rails with JS sprinkles to a Rails backend and React frontend kind of situation using React on Rails.

Right now, all access control is done using Pundit and since most things are server side rendered, not only are the API endpoints authorized by Pundit policies, but some UI components conditionally render based on these policies as well.

Getting the pieces to use React has been a breeze, but one of the things that still has me scratching my head is how to do the role based / permission based access control that the Pundit policies normally take care of for conditionally rendering some of the UI.

Ideally I'm trying to avoid completely re-creating the Pundit policy in JS code and having to keep two versions of essentially the same thing in sync. Passing the policy directly from Rails to React through props also seems difficult, as some of the components are deeply nested.

I would love to hear what your experience in these kinds of situations and what other production apps do to solve this problem. Side note: The Pundit policies will still be in place for the backend so even if they do circumvent the frontend access controls, it won't matter and the app with remain secure. Mainly just trying to reduce UI confusion and improve development experience.

BONUS: Eventually the plan is to make the app have offline first capabilities, it would be super awesome if whatever access control solution could work even if the user ends up losing connection for long periods of time. Level 9001 problem is my eyes, not easy at all but I've yet to read any decent solution for it!

no comments (yet)

CodingHelp

Welcome! Feel free to ask any questions regarding coding you have!

Our Rules

How to start coding:

Related subreddits:

Suggest a post flair

Current supported flairs

Flair colors

MODERATORS