How to show menu options based on User Roles?

Hi,
How are you?

The scenario is as follows:

  • A firm has several Departments.
  • Each department has people with different Roles.
  • For each Department there are a series of forms, reports, etc. available (to be also developed with Anvil).
  • Each form or report corresponds to a menu option in my application.

I would like to develop one application with Anvil, that allows any user of the firm to log in, and depending on the Department, and Role of the user in the Department, shows the menu options that that particular user is allowed to see.

Is there anything that solves such scenario out of the box in Anvil?
Otherwise, how would you suggest I approach this? (there are probably several possible ways to do this, and each one also probably has its pros and cons)
I’m new to Anvil, so I would really appreciate having the point of view of more experienced users in order to start in the right direction.

Thank you very much!
Warm regards
Ricardo

On the client side you can use data bindings or if statements to control the visibility of different options.

For my apps I typically have one page (I use Anvil Extras routing) for each role, so the actual options don’t change and I only need to worry about hiding/showing the option on the main page for getting to those subpages.

This clone shows an example of the approach I use with Anvil Extras routing in the mix: Anvil | Login

2 Likes

You can add one “roles” simple object column to the users table and each user can have a list of roles, for example ["admin", "sales"].

On the client you can use databinding or the form_show event to set the visible property to "sales" in user['roles'], so the button will be visible only if the “sales” role is there. This will ensure that normal users will see the buttons they are allowed to see.

On the server you need to check for user permissions on every sensitive call. For example, if the user clicks on the “show invoices” button, the button calls a server side function to get the list, the server function should first check if the user has the “sales” role, then do its job.

Hackers can change the code on the client, make the “show invoices” button visible, click it, and call its server function, but they can’t change the code on the server side. So you should always assume that unauthorized users can call your sensitive functions and check for user permissions on every server call.

In summary:

  • check for user permission on the client to decide what UI elements to show
  • check for user permission on the server to decide what sensitive data to show

There are more advanced models that rely on groups and permissions, but things can get quite complex. You can give this simple approach a try and, if/when it feels too tight, you can explore other more complex options.

4 Likes
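The client/server split the answer above describes, as an added example that is not from this thread or from the Anvil library: one shared role check that the client can bind to a button's `visible` property, and a server-side decorator that refuses the "show invoices" call when the "sales" role is missing, regardless of what the client did. It assumes a `roles` simple-object column holding a list, a hypothetical `get_current_user` hook standing in for `anvil.users.get_user()`, and constructed sample users so it runs without Anvil.

```python
import functools

# Constructed sample users standing in for rows of the Users table (roles column = list).
SAMPLE_USERS = {
    "ana@example.com": {"email": "ana@example.com", "roles": ["sales"]},
    "bob@example.com": {"email": "bob@example.com", "roles": ["hr"]},
}

# Constructed rows standing in for an Invoices table.
INVOICES = [{"id": 1, "total": 120.0}, {"id": 2, "total": 80.5}]

class PermissionDenied(Exception):
    """Raised when the logged-in user lacks a required role."""

def user_has_role(user, role):
    """Shared check (usable for client visibility too): no user, or an empty/None roles column, means no roles."""
    if user is None:
        return False
    return role in (user.get("roles") or [])

def require_role(role, get_current_user):
    """Decorator: run the wrapped server function only if the current user has `role`.
    `get_current_user` is a hypothetical hook; in Anvil use anvil.users.get_user."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            if not user_has_role(get_current_user(), role):
                # Refuse before touching data: a hidden button on the client protects nothing.
                raise PermissionDenied(f"{role!r} role required")
            return func(*args, **kwargs)
        return wrapper
    return decorator

def make_get_invoices(get_current_user):
    """Build the 'show invoices' server function (in Anvil it would carry @anvil.server.callable)."""
    @require_role("sales", get_current_user)
    def get_invoices():
        return list(INVOICES)
    return get_invoices

def invoices_for(email):
    """Simulate a client calling get_invoices while `email` is logged in.
    Returns the rows, or None when the server refuses (as it does for bob)."""
    get_invoices = make_get_invoices(lambda: SAMPLE_USERS.get(email))
    try:
        return get_invoices()
    except PermissionDenied:
        return None
```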

Thank you very much for your answers!! They both sound logical to me.
I will explore them both (as I’m pretty new to the platform it might take me a few days to get to implement a sample case with each one of them), but I will be back to you to keep you updated with the results as soon as I can get them working.
Thanks again!!
Warm regards!
Ricardo