rbac route handling
Answered
Shetland Sheepdog posted this in #help-forum
Shetland Sheepdog (OP)
I have a doubt about handling RBAC on my frontend. Is the convention to make multiple URLs for different roles, e.g. /candidate/1, /recruiter/2, or to use the same URL, e.g. /profile, and conditionally render stuff on it according to roles? The first method grants more flexibility and fewer conditional checks, so I was leaning towards the first one, but it seems like most people use the second method more.
Answered by B33fb0n3
Handling RBAC on your frontend is a bad practice. It should be handled by your backend to prevent security vulnerabilities.
However, you can decide if you want a model with /profile or /profile/someId12345. I like to use personal stuff that is related to my user via /profile.
When it's not directly related to the current auth user, then I like to use the way with the ID: /menu/someMenuId12345. Keep in mind to also make checks there if it's part of multi-tenancy.
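An added example, not code from the thread: a sketch of the server-side checks the answer describes, in plain JavaScript so it runs outside Next.js. The session store, the tenant field, the `menu:edit` action and all function names are assumptions; the `candidate`/`recruiter` roles and the `/profile` and `/menu/someMenuId12345` routes come from the posts above.

```javascript
// Added example: constructed data and hypothetical names throughout.
const sessions = new Map([          // session token -> server-side identity
  ["tok-alice", { userId: "u1", tenantId: "t1", role: "recruiter" }],
  ["tok-bob", { userId: "u2", tenantId: "t1", role: "candidate" }],
  ["tok-carol", { userId: "u3", tenantId: "t2", role: "recruiter" }],
]);
const profiles = new Map([
  ["u1", { name: "Alice" }], ["u2", { name: "Bob" }], ["u3", { name: "Carol" }],
]);
const menus = new Map([["someMenuId12345", { tenantId: "t1", title: "Lunch" }]]);

// Role -> allowed actions (assumed policy), evaluated only on the server.
const permissions = new Map([
  ["recruiter", new Set(["menu:read", "menu:edit"])],
  ["candidate", new Set(["menu:read"])],
]);

// GET /profile: no id in the URL, the record is selected from the session,
// so a client cannot ask for someone else's profile by changing the path.
function getProfile(token) {
  const session = sessions.get(token);
  if (!session) return { status: 401 };
  return { status: 200, body: profiles.get(session.userId) };
}

// /menu/:id: the id is client-supplied, so check the role AND the tenant.
function accessMenu(token, menuId, action) {
  const session = sessions.get(token);
  if (!session) return { status: 401 };
  const allowed = permissions.get(session.role);
  if (!allowed || !allowed.has(action)) return { status: 403 };
  const menu = menus.get(menuId);
  // Same 404 for "does not exist" and "belongs to another tenant".
  if (!menu || menu.tenantId !== session.tenantId) return { status: 404 };
  return { status: 200, body: menu };
}
```

Whichever URL layout the frontend uses, role-based rendering there only decides what is shown; these checks decide what is returned.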
6 Replies
@Shetland Sheepdog solved?
Shetland Sheepdog (OP)
Yes, I got it figured out
Is this message the solution for your initial issue? https://nextjs-forum.com/post/1275905264851091560#message-1275913591635316768 (<---- click this)
Shetland Sheepdog (OP)
It's a bit generic, but I got the crux of it. Thanks for the feedback!
happy to help