Permissions and MVC
Posted
by
not-rightfold
on Programmers
See other posts from Programmers
or by not-rightfold
Published on 2013-10-22T11:50:25Z
Indexed on
2013/10/22
16:02 UTC
Read the original article
Hit count: 333
I’m in the progress of developing a web application. This web application is mostly a CRUD interface, although some users are only allowed to perform some actions and see only some parts of views.
What would be a reasonable way to handle user permissions, given that some parts of views are not available to users? I was thinking of having a function hasPermission(permission)
that returns true
iff the current user has the given permission, although it would require conditionals around all parts of views that are only visible to some users. For example:
{% if has_permission('view_location') %}
{{ product.location }}
{% endif %}
I’m fearing this will become an ugly and unreadable mess, especially since these permissions can get kind of complicated.
How is this problem commonly solved in web applications?
I’m considering using Haskell with Happstack or Python with Django.
© Programmers or respective owner