explicit permission check

[burczu]

Consider implementing approach given by andrewingram on reddit

his comment below:

A few notes: I tend to avoid role-based permissions, because it creates a high maintenance burden. By this I mean that if you change your concept of what a role is and isn't allowed to do, it means you have to go over your entire codebase and fix all your checks. Explicit permission checks (eg 'can_edit_products') scale better. You can still use roles to represent buckets of permissions, but you should never check against roles directly. I prefer decorating my components to inheriting a different component class. Using inheritance doesn't mesh nicely with the functional composition pattern you use elsewhere in a React codebase. I ended up with this: permissionsRequired('can_foo_bars')(MyComponent) At one point I did try defining permissions in routes, but I didn't like the result. Your mileage may vary :)

[jahglow]

Hi, what's your progress on it?