Thursday, May 5, 2016

What is the best practice to register routes based on permissions in Ember.js?

In my Ember application, I have a map of routes and CRUD permissions that is returned from the server. If a user doesn't have read access to a page, I can easily exclude the menu item but for Create and Update operations I need to make some changes in router.js.

So currently this is the router I have:

import Ember from 'ember';
import config from './config/environment';

const Router = Ember.Router.extend({
    location: config.locationType
});

Router.map(function () {
    this.route('product-types', function () {
        this.route('view', {path: '/:product-type_id'});
        this.route('edit', {path: '/:product-type_id/edit'});
    });
    this.route('products');

    this.route('members', function () {
        this.route('view', {path: '/:member_id'}, function () {
            this.route('member-accounts', function () {
                this.route('new');
            });
        });
        this.route('edit', {path: '/:member_id/edit'});
        this.route('new');
    });
    this.route('tasks', function () {
        this.route('view', {path: '/:task_id'});
    });

});

export default Router;

So I wish somehow to be able to simply not register the route to :new and/or :edit if the user doesn't have the right permissions:

this.route('product-types', function () {
    if (permission['product-types'].edit()) {
        this.route('edit', {path: '/:product-type_id/edit'});
    }
});

But I'm looking for a better solution as the routes are growing in huge numbers. So I'd like to perhaps customize Ember's router to do this automatically. Is that possible?

The other problem is Delete. Because Delete doesn't have any specific route I'd like to be able to pass that permission to each model by default automatically so that each model checks if delete is possible or not and then hide the delete button.

I am not worried about a user hacking the JS files, enabling the pages and trying to access the forbidden pages, because they can't do anything: the server will stop them and will check all the permissions. But I want a mechanism here to hide/display pages and buttons based on permissions. Any help is appreciated.
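
One way to drive both concerns in the question (skipping the `edit`/`new` routes and hiding Delete buttons) from a single permission map, as an added example that is not part of the original post. The map shape, the `needs` field and all helper names are assumptions, and it presumes the map is already loaded before `Router.map` runs; the server-side checks the poster mentions remain the actual enforcement.

```javascript
// Added example; SAMPLE_PERMISSIONS is a constructed stand-in for the server's map.
const SAMPLE_PERMISSIONS = {
  'product-types': { create: false, read: true, update: true, delete: false },
  'members': { create: false, read: true, update: false, delete: true },
};
// Declarative route tree: each node names the action it requires (default: read).
const ROUTE_TREE = [
  { name: 'product-types', resource: 'product-types', children: [
    { name: 'view', path: '/:product-type_id' },
    { name: 'edit', path: '/:product-type_id/edit', needs: 'update' },
  ] },
  { name: 'members', resource: 'members', children: [
    { name: 'view', path: '/:member_id' },
    { name: 'edit', path: '/:member_id/edit', needs: 'update' },
    { name: 'new', needs: 'create' },
  ] },
  { name: 'tasks', resource: 'tasks', children: [{ name: 'view', path: '/:task_id' }] },
];

// Deny by default: a missing resource or action is treated as "not allowed".
function can(permissions, resource, action) {
  const has = Object.prototype.hasOwnProperty.call(permissions, resource);
  return has && permissions[resource] != null && permissions[resource][action] === true;
}

// Calls dsl.route() only for permitted nodes; `dsl` is `this` inside Router.map.
function registerRoutes(dsl, nodes, permissions, inherited) {
  for (const node of nodes) {
    const resource = node.resource || inherited;
    if (!can(permissions, resource, node.needs || 'read')) continue;
    dsl.route(node.name, node.path ? { path: node.path } : {}, node.children && function () {
      registerRoutes(this, node.children, permissions, resource);
    });
  }
}

// Stand-in for the router DSL that records dotted route names, for offline runs.
function registeredNames(permissions) {
  const names = [];
  const recorder = (prefix) => ({
    route(name, _options, callback) {
      const full = prefix ? `${prefix}.${name}` : name;
      names.push(full);
      if (callback) callback.call(recorder(full));
    },
  });
  registerRoutes(recorder(''), ROUTE_TREE, permissions);
  return names;
}
```

Inside `Router.map(function () { registerRoutes(this, ROUTE_TREE, permissions); })` the same walk registers the real routes, and `can(permissions, 'members', 'delete')` is the check a template helper would use to show or hide a Delete button.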
