Client Readable View vs Filtered Search: Best Practice

In the interest of secure, clean code, is it better to return a client-readable view or a filtered search from the server based on the user’s role/permissions? Does one or the other give more or less functionality?

1 Like

Here’s what I think is the case (assuming you have the default permissions i.e. No Access client-side and Edit access server-side).

It matters if you return a table from server-side
but doesn’t matter if you return a search iterator from server-side.


e.g. Server Side

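import anvil.server
from anvil.tables import app_tables

# Bare table handle: the client gets only the table's client-side permission
@anvil.server.callable
def get_table():
  return app_tables.table_0

# Read-only view of the table
@anvil.server.callable
def get_readable_table():
  return app_tables.table_0.client_readable()

# Writable view of the table
@anvil.server.callable
def get_writable_table():
  return app_tables.table_0.client_writable()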

Client Side

import anvil.server

table = anvil.server.call('get_table')
table_r = anvil.server.call('get_readable_table')
table_w = anvil.server.call('get_writable_table')

With table I can’t do anything.
With table_r I can call search and get but can’t edit.
With table_w I can edit rows.

If you return a search iterator then there is no need to use client_readable:
return app_tables.table_0.client_readable().search(column='foo')
is equivalent to…
return app_tables.table_0.search(column='foo')

3 Likes
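
An added sketch, not part of the posts above and not Anvil's own code: a pure-Python stand-in for a table handle that models the access levels described in the answer, with a server-side function that picks the least-privileged handle by role. The `View` class, `handle_for`, and the `role` and `owner` columns are assumptions made for illustration; in an Anvil app the same decision would sit inside an `@anvil.server.callable` function working on `app_tables.table_0`.

```python
class View:
    """Constructed stand-in for a table handle as the client sees it."""

    def __init__(self, rows, access="none", restrict=None):
        self._rows = rows                      # shared backing store
        self.access = access                   # "none" | "read" | "write"
        self._restrict = dict(restrict or {})  # fixed by the server

    def client_readable(self, **restrict):
        return View(self._rows, "read", {**self._restrict, **restrict})

    def client_writable(self):
        return View(self._rows, "write", self._restrict)

    def search(self, **filters):
        if self.access == "none":
            raise PermissionError("no client access to this table")
        # A row must satisfy the caller's filters AND the view's restrictions.
        want = list(filters.items()) + list(self._restrict.items())
        return [dict(r) for r in self._rows
                if all(r.get(k) == v for k, v in want)]

    def add_row(self, **cols):
        if self.access != "write":
            raise PermissionError("view is not writable")
        self._rows.append(dict(cols))


def handle_for(table, user):
    """Pick the least-privileged handle for the user's role (hypothetical column)."""
    if user is None:
        raise PermissionError("not logged in")
    if user["role"] == "admin":
        return table.client_writable()
    if user["role"] == "staff":
        return table.client_readable()
    # Everyone else only ever sees rows they own, whatever they search for.
    return table.client_readable(owner=user["email"])


if __name__ == "__main__":
    # Constructed sample data.
    rows = [{"owner": "a@example.com", "item": "x"},
            {"owner": "b@example.com", "item": "y"}]
    cust = handle_for(View(rows), {"email": "a@example.com", "role": "customer"})
    print(cust.search(), cust.search(owner="b@example.com"))
```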

Ok great. Thanks very much Stu