
Client Side Authorization Workflow

Erik Hetzner edited this page Apr 18, 2018 · 5 revisions


Or, "How does the Can Service on the client work?"

Undoubtedly you'll come across something like this in a handlebars template:

{{#if (can "edit" paper)}}
  <a class="contributors-add" {{action "addContributors"}} id="nav-add-collaborators">Add Collaborators</a>
{{/if}}

What's actually happening?

  1. The 'can' helper asks the 'can' service to build an Ability based on the name of the action and the resource ('edit' and a paper, in this case).
  2. The 'can' service looks for a Permission record in the store based on the name of the resource. If it doesn't find one locally, it makes a request to the Rails API (see the PermissionsController).
  3. The PermissionsController uses the Roles and Permissions system to build up a list of things the current user can do for the given resource, and returns it as a Permission record to the client.
  4. Once we pull down a Permission it stays in the store, so we don't have to make a new request for each 'can' check.
  5. The 'can' service returns the new Ability with its permissions set.
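The five steps above as an added example, not code from the project: a plain-JavaScript model of the 'can' service, with a Map standing in for the Ember store and fetchPermission standing in for the request to the PermissionsController. CanService, Ability, forget and the SERVER_PERMISSIONS data are assumed names and constructed values; forget goes beyond the page to show that a cached Permission has to be dropped when server-side roles change, since the client otherwise keeps rendering stale rights.

```javascript
// Added example (not the project's code); all names are hypothetical stand-ins.
// Ability knows only the action names the server returned for one resource.
class Ability {
  constructor(resource, permissions) {
    this.resource = resource;                 // e.g. { type: 'paper', id: 7 }
    this.permissions = new Set(permissions);
  }
  can(action) {
    return this.permissions.has(action);
  }
}
// Constructed stand-in for the PermissionsController's answer: per resource,
// the actions the current user may perform. The real list is built server-side
// from Roles and Permissions; the client only renders what it is told.
const SERVER_PERMISSIONS = {
  'paper:7': ['view', 'edit'],
  'paper:8': ['view'],
};

class CanService {
  constructor(fetchPermission) {
    this.fetchPermission = fetchPermission;   // stands in for the API adapter call
    this.store = new Map();                   // cached Permission records
    this.requests = 0;                        // API round trips, for checking
  }
  key(resource) {
    return `${resource.type}:${resource.id}`;
  }
  // Steps 2-4: check the store first, hit the API only on a miss, then keep
  // the record so later checks for the same resource stay local.
  permissionFor(resource) {
    const k = this.key(resource);
    if (!this.store.has(k)) {
      this.requests += 1;
      this.store.set(k, this.fetchPermission(k) || []); // unknown: nothing allowed
    }
    return this.store.get(k);
  }
  // Steps 1 and 5: what {{can "edit" paper}} boils down to.
  can(action, resource) {
    return new Ability(resource, this.permissionFor(resource)).can(action);
  }
  // Cached records outlive server-side role changes; drop one to force a refetch.
  forget(resource) {
    this.store.delete(this.key(resource));
  }
}
const canService = new CanService((k) => SERVER_PERMISSIONS[k]);
```

The client-side answer only decides what the template shows; the server's Roles and Permissions check on the actual request remains the enforcement point.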

Attachments:

permission lookup (application/gliffy+json)
permission lookup.png (image/png)
