burczu / react-router-role-authorization

Role-based authorization components for React and React-Router
145 stars 25 forks source link

explicit permission check #1

Open burczu opened 8 years ago

burczu commented 8 years ago

Consider implementing approach given by andrewingram on reddit

his comment below:

_A few notes: I tend to avoid role-based permissions, because it creates a high maintenance burden. By this I mean that if you change your concept of what a role is and isn't allowed to do, it means you have to go over your entire codebase and fix all your checks. Explicit permission checks (eg 'can_edit_products') scale better. You can still use roles to represent buckets of permissions, but you should never check against roles directly. I prefer decorating my components to inheriting a different component class. Using inheritance doesn't mesh nicely with the functional composition pattern you use elsewhere in a React codebase. I ended up with this: permissionsRequired('can_foobars')(MyComponent) At one point I did try defining permissions in routes, but I didn't like the result. Your mileage may vary :)

jahglow commented 7 years ago

Hi, what's your progress on it?