Consider implementing approach given by andrewingram on reddit
his comment below:
_A few notes:
I tend to avoid role-based permissions, because it creates a high maintenance burden. By this I mean that if you change your concept of what a role is and isn't allowed to do, it means you have to go over your entire codebase and fix all your checks. Explicit permission checks (eg 'can_edit_products') scale better. You can still use roles to represent buckets of permissions, but you should never check against roles directly.
I prefer decorating my components to inheriting a different component class. Using inheritance doesn't mesh nicely with the functional composition pattern you use elsewhere in a React codebase. I ended up with this: permissionsRequired('can_foobars')(MyComponent)
At one point I did try defining permissions in routes, but I didn't like the result. Your mileage may vary :)
Consider implementing approach given by
andrewingram
on reddithis comment below:
_A few notes: I tend to avoid role-based permissions, because it creates a high maintenance burden. By this I mean that if you change your concept of what a role is and isn't allowed to do, it means you have to go over your entire codebase and fix all your checks. Explicit permission checks (eg 'can_edit_products') scale better. You can still use roles to represent buckets of permissions, but you should never check against roles directly. I prefer decorating my components to inheriting a different component class. Using inheritance doesn't mesh nicely with the functional composition pattern you use elsewhere in a React codebase. I ended up with this: permissionsRequired('can_foobars')(MyComponent) At one point I did try defining permissions in routes, but I didn't like the result. Your mileage may vary :)