chapter icon indicating copy to clipboard operation
chapter copied to clipboard

Published 20 hours ago verified publisher icon freeCodeCamp

Client side permissions

Open ojeytonwilliams opened this issue 2 years ago • 4 comments

How do we want to handle situations where the client needs to know what permissions the current user has? The current implementation is to add the list of admined_chapters to the meQuery, but really that's just the list of chapters for which they have Permission.ChapterEdit.

This works for the MVP, since the only chapter level role is the administrator, so if you have any Chapter Permission you have them all. However, this will break down post-MVP when we add more roles with fewer permissions.

Two obvious approaches:

  1. Keep adding to fields the meQuery result (chapters_with_event_create and so on)
  2. Return all the chapter_user data for that user, so the client can work it out

I'm leaning towards 2. right now.

ojeytonwilliams avatar Aug 22 '22 08:08 ojeytonwilliams

The most straightforward, but repeating might be adding separate queries, or single query with argument which permission should be used as filtering condition.

gikf avatar Aug 22 '22 16:08 gikf

single query with argument which permission should be used as filtering condition.

If we're just going to use the meQuery I don't think we want to start calling it with arguments.

ojeytonwilliams avatar Aug 23 '22 07:08 ojeytonwilliams

Definitely, I didn't mean the meQuery, new separate, or new single query, I should have been more precise. Both means also dropping the admined_chapters from meQuery.

gikf avatar Aug 23 '22 08:08 gikf

True, that's a reasonable option. It makes the dashboard a bit slower (one more round-trip), but that's not a deal-breaker.

ojeytonwilliams avatar Aug 23 '22 09:08 ojeytonwilliams