Saturday, 30 May 2015

How to deal with user rights and restrictions in a complex SPA

I'm working on a single-page enterprise application with pretty complex logic. There are several entity classes on the server side:

import java.util.List;

class User {
    Long id;
}

// One node of the tree; parent is null for a root node
class Node {
    Long id;
    String name;
    Status status;
    Node parent;
    List<User> admins;   // users allowed to edit this node (and, by rule 2, its subtree)
}

enum Status {
    STATUS_1, STATUS_2
}

Entities are converted to JSON and sent to the client, where they are displayed in a tree-like structure, like this:

[image: tree of nodes as rendered in the client]

There are several restrictions:

  1. A simple user who works with the application can see the tree of nodes but can't change anything.

  2. A user can change a node's name if he is among the admins of the node or of any of its parent nodes.

  3. Admins can also change the status of a node from STATUS_1 to STATUS_2, but only if all child nodes have STATUS_2 status.

  4. There is a list of super administrators who can do whatever they want: change properties of any node and change status as they like.

So somehow, during rendering of the tree on the client, I need to know what the application user can or cannot do with each node on the page. I can't just assign the user a role within the whole application because user rights vary from one node to another. Also, I can't see the whole picture on the client side because child nodes may not be loaded. How can I manage user rights and restrictions in a situation like this? What's the proper way or pattern to use?
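One way to structure this, shown here as an added example that is not part of the original question: evaluate the four rules on the server, where the parent chain and the children are always available, attach the result to each node's JSON as an `allowedActions` object, and run the very same function again inside every mutation handler so the client-side flags are a rendering hint rather than the authorization decision. The Python below mirrors the Java entities from the question; the sample tree, the user ids, the `SUPER_ADMINS` set and the `allowedActions` shape are constructed for illustration, and reading "all child nodes" in rule 3 as the direct children is an assumption.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set


class Status(Enum):
    STATUS_1 = "STATUS_1"
    STATUS_2 = "STATUS_2"


@dataclass(eq=False)
class User:
    id: int


@dataclass(eq=False)
class Node:
    id: int
    name: str
    status: Status
    parent: Optional["Node"] = None
    admins: List[User] = field(default_factory=list)
    # Children stay on the server, so rule 3 can be evaluated even when the
    # client has not loaded this part of the tree yet.
    children: List["Node"] = field(default_factory=list)


# Rule 4: super administrators (constructed; real data would come from storage).
SUPER_ADMINS: Set[int] = {1}


class Forbidden(Exception):
    """Raised by a mutation handler when the caller lacks the right."""


def is_admin_of(user: User, node: Node) -> bool:
    """Rule 2: admin of the node itself or of any ancestor."""
    current: Optional[Node] = node
    while current is not None:
        if any(a.id == user.id for a in current.admins):
            return True
        current = current.parent
    return False


def allowed_actions(user: User, node: Node) -> Dict[str, object]:
    """The single place where the rules live; used by both the JSON
    renderer and the mutation handlers."""
    if user.id in SUPER_ADMINS:  # rule 4: anything, including any status
        return {"rename": True, "setStatus": [s.value for s in Status]}
    admin = is_admin_of(user, node)
    targets: List[str] = []
    # Rule 3: STATUS_1 -> STATUS_2 only once every direct child is STATUS_2
    # (all() over an empty child list is True, so leaves qualify).
    if (admin and node.status is Status.STATUS_1
            and all(c.status is Status.STATUS_2 for c in node.children)):
        targets.append(Status.STATUS_2.value)
    return {"rename": admin, "setStatus": targets}  # rule 1: plain users get nothing


def node_to_dto(user: User, node: Node) -> dict:
    """JSON shape sent to the SPA: entity fields plus the computed rights.
    Children are omitted to mimic lazy loading."""
    return {
        "id": node.id,
        "name": node.name,
        "status": node.status.value,
        "parentId": node.parent.id if node.parent else None,
        "allowedActions": allowed_actions(user, node),
    }


def rename(user: User, node: Node, new_name: str) -> None:
    """Re-check on the server; never trust flags echoed back by the client."""
    if not allowed_actions(user, node)["rename"]:
        raise Forbidden(f"user {user.id} may not rename node {node.id}")
    node.name = new_name


def change_status(user: User, node: Node, new_status: Status) -> None:
    if new_status.value not in allowed_actions(user, node)["setStatus"]:
        raise Forbidden(f"user {user.id} may not set node {node.id} to {new_status.value}")
    node.status = new_status


def build_sample_tree() -> dict:
    """Constructed fixture: root (alice admin) -> a (STATUS_2), b (bob admin) -> leaf."""
    alice, bob, carol, boss = User(10), User(20), User(30), User(1)
    root = Node(1, "root", Status.STATUS_1, admins=[alice])
    a = Node(2, "a", Status.STATUS_2, parent=root)
    b = Node(3, "b", Status.STATUS_1, parent=root, admins=[bob])
    leaf = Node(4, "leaf", Status.STATUS_1, parent=b)
    root.children, b.children = [a, b], [leaf]
    return {"alice": alice, "bob": bob, "carol": carol, "super": boss,
            "root": root, "a": a, "b": b, "leaf": leaf}
```

With this layout the client never has to know the rules: it renders a rename control when `allowedActions.rename` is true and offers only the statuses listed in `allowedActions.setStatus`. Because the server computed those flags with the full parent chain and child list, a partially loaded tree on the client is not a problem, and because `rename` and `change_status` call `allowed_actions` again, a tampered request that carries forged flags is still refused.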
