PDA

View Full Version : Dynamic rendering based on profiling



farracha
25 May 2009, 9:23 AM
Hi,

I would like to know opinions about how could I implement an application that only renders certain panels using the users profile.

for example, only a guy with edition permission could see panel A, and the guy that doesn't have any permission the panel isn't rendered.

The query has to me made against Server-side. How can i accomplish this? Because, Ajax.Request returns to a second function (success handler) which doesn't return to the main function that was supposed to answer the question if the user has the necessary permissions.
Options that passed on my mind:
Option A: Render panel, and then destroy it if after all the user doesn't have permission
Option B: Render panel on the success handler, but this is going to be complicated, because I have a lot of panels, and some of them are nested, and would be a mess and a lot of functions. Because It's not only the panels, but the buttons inside and textbox that need to be profiled.
Option C: Get all permissions of the user in JSON, decode it and then use it as an object. I like this one, but I have concerns about security.

How could I profile an ExtJS application with focus on security, performance and easy to use after defining the "profile framework".

Thanks

MD
6 Jun 2009, 1:19 PM
I'd like to gain some other's insight on this as well.

MD

demongloom
6 Jun 2009, 8:42 PM
Hi,

I would like to know opinions about how could I implement an application that only renders certain panels using the users profile.

for example, only a guy with edition permission could see panel A, and the guy that doesn't have any permission the panel isn't rendered.


May be will more easily to solve privileges problem by using another way of page rendering instead of ajax requests? I use in my control panel smarty as template system. I pass into smarty object of user and template can test his privileges during processing. Finally, on output client get html/js file with code adapted to his privileges. If privileges will changed, client will get another html/js on next page reload. Also I have implemented js code that check every ajax requests response for security fail by checking for 403 code and display proper alert for this case.