Permissions and MVC

Posted by not-rightfold on Programmers See other posts from Programmers or by not-rightfold
Published on 2013-10-22T11:50:25Z Indexed on 2013/10/22 16:02 UTC
Read the original article Hit count: 333

Filed under:
|
|

I’m in the progress of developing a web application. This web application is mostly a CRUD interface, although some users are only allowed to perform some actions and see only some parts of views.

What would be a reasonable way to handle user permissions, given that some parts of views are not available to users? I was thinking of having a function hasPermission(permission) that returns true iff the current user has the given permission, although it would require conditionals around all parts of views that are only visible to some users. For example:

{% if has_permission('view_location') %}
    {{ product.location }}
{% endif %}

I’m fearing this will become an ugly and unreadable mess, especially since these permissions can get kind of complicated.

How is this problem commonly solved in web applications?

I’m considering using Haskell with Happstack or Python with Django.

© Programmers or respective owner

Related posts about design

Related posts about mvc