Big application and security



papaja
21 Apr 2011, 4:22 AM
Hi,
I'm considering developing quite a big app using ExtJS. My biggest concern is user permissions to do certain actions. For example, I would like some users to be able to only view data, but not create new entries. I would like to hide the "create new" button from their toolbar and remove all js code called and executed by that button.

I know that a user can add js code to the page, and I will check on the server side whether the user has a particular permission, but I also want to remove any ability for an average user to even see a button or start an action not permitted to him.

My question is: what would be good practice in this case? Writing out all of the js code from php based on user permissions? Writing the code for every button in a separate js file and then deciding in php which js files to include?

I want this to be modular, because there can be many combinations of user rights, and creating duplicate code for every window and grid with a few extra buttons to accommodate all combinations would be overkill.

Any suggestions?

drian
21 Apr 2011, 5:27 AM
You should first browse the forum or use the search feature because, on top of existing topics, I personally answered this yesterday -> http://www.sencha.com/forum/showthread.php?130647-Best-way-to-hide-disable-GUI-elements-based-on-user-s-privilege
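
The split the question describes, with the server-side permission check as the authority and the toolbar built only from permitted actions, can be sketched as follows; this is an added example, not code from the thread or from ExtJS. The action registry, permission names, sample sessions and function names are all hypothetical, and the button configs only mimic the shape of an Ext toolbar item.

```javascript
// Added example: every name below is hypothetical.
// Each action is described once; the permission it needs is data, so no
// window or grid has to be duplicated per combination of user rights.
const ACTIONS = {
  viewEntries: { text: 'Refresh',    requires: 'entry.read'   },
  createEntry: { text: 'Create new', requires: 'entry.create' },
  deleteEntry: { text: 'Delete',     requires: 'entry.delete' }
};

// Server side, authoritative: run for every request, whatever the UI showed.
function authorize(session, actionId) {
  if (!Object.prototype.hasOwnProperty.call(ACTIONS, actionId)) {
    return { status: 404, error: 'unknown action' };
  }
  const perms = (session && session.permissions) || [];
  if (!perms.includes(ACTIONS[actionId].requires)) {
    return { status: 403, error: 'forbidden' };
  }
  return { status: 200 };
}

// Server side: only the permitted actions are ever sent to the browser.
function allowedActions(session) {
  return Object.keys(ACTIONS)
    .filter(id => authorize(session, id).status === 200)
    .map(id => ({ id: id, text: ACTIONS[id].text }));
}

// Client side, convenience only: turn the server's list into Ext-style
// button configs. An action without a loaded handler gets no button.
function buildToolbarItems(allowed, handlers) {
  return allowed
    .filter(a => typeof handlers[a.id] === 'function')
    .map(a => ({ xtype: 'button', itemId: a.id, text: a.text, handler: handlers[a.id] }));
}

// Constructed sample sessions.
const viewer = { user: 'viewer', permissions: ['entry.read'] };
const editor = { user: 'editor', permissions: ['entry.read', 'entry.create'] };

// The viewer's toolbar has no "Create new" button, and a request for that
// action sent anyway (for example from code the user added to the page)
// is still refused by the server-side check.
const viewerToolbar = buildToolbarItems(allowedActions(viewer), {
  viewEntries: function () {}, createEntry: function () {}
});
const forgedCreate = authorize(viewer, 'createEntry');
```

The handler map can be assembled from per-action script files chosen on the server, so a user without a permission never receives the code behind that button.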