  1. #1

    Permissions based system in Javascript

    I am curious as to how an experienced JavaScript programmer would go about enabling and disabling features of a JavaScript program based upon the user's permissions.

    I currently do this with an ACL in my PHP application. But, as I am starting to write a lot more JavaScript, I am wondering how to do the same thing in JavaScript.

  2. #2
    AussieJohn
    If you're passing in some authentication information from PHP into the page (e.g. set a JS var for "isAuthenticated" and "userLevel" or something like that) you could use that to load in a JS based on "who" the user is.

    e.g. using "YepNope JS"

    Code JavaScript:
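    yepnope({
    	test: isAuthenticated,
    	// yep/nope take resource URLs. A nested yepnope() call here would run
    	// immediately, whatever the outer test says, so pick the file inline.
    	yep : userLevel == config.userLevels.admin
    			? 'scripts-auth-admin.js'
    			: 'scripts-auth-user.js',
    	nope: 'scripts-noauth.js'
    });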

    One *very* important thing to remember is that because JS runs on the client side, it is possible that the user tampers with the script and sets themselves as a logged-in admin. So it would be super important that you sense-check everything that is submitted to you on the server side by said JavaScript.

    Using something like a nonce and a permission test on AJAX requests, you should be able to keep the app secure as well.
    var details = {
    . . web: "afterlight.com.au",
    . . photos: "jvdl.id.au",
    . . psa: "usethelatestversion.com"
    }
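
The server-side check described in the reply above, as an added example that is not part of the original thread: each AJAX request is authorized from the server's own session record and a single-use nonce, and any `userLevel` or `isAuthenticated` value sent by the browser is ignored. It is written in JavaScript (Node.js) for consistency with the thread; the ACL contents, action names and all function names are hypothetical.

```javascript
// Added example: names, roles and actions are assumptions, not from the thread.
const { randomBytes } = require('node:crypto');

// Server-side ACL: the only source of truth for what a role may do.
const ACL = {
  admin: new Set(['post.read', 'post.edit', 'user.delete']),
  user: new Set(['post.read', 'post.edit']),
};

// Server-side session store: the role is set at login, never by the request.
const sessions = new Map();

function createSession(role) {
  const id = randomBytes(16).toString('hex');
  sessions.set(id, { role, nonces: new Set() });
  return id;
}

// Issue a single-use nonce bound to one session (embedded in the page or form).
function issueNonce(sessionId) {
  const nonce = randomBytes(16).toString('hex');
  sessions.get(sessionId).nonces.add(nonce);
  return nonce;
}

// Authorize one AJAX request. Client-claimed fields such as
// req.body.userLevel or req.body.isAuthenticated are deliberately not read.
function authorize(req, action) {
  const session = sessions.get(req.sessionId);
  if (!session) return { status: 401, error: 'not authenticated' };
  // delete() returns false for an unknown or already-used nonce.
  if (!session.nonces.delete(req.nonce)) return { status: 403, error: 'bad nonce' };
  const allowed = ACL[session.role];
  if (!allowed || !allowed.has(action)) return { status: 403, error: 'forbidden' };
  return { status: 200 };
}

// Constructed request: an ordinary user whose tampered script claims admin.
const demoSid = createSession('user');
const tampered = {
  sessionId: demoSid,
  nonce: issueNonce(demoSid),
  body: { isAuthenticated: true, userLevel: 'admin' },
};
console.log(authorize(tampered, 'user.delete'));
```

Which script bundle the browser loaded has no effect on the outcome: the decision depends only on the server-held role and nonce.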

