i'm currently a developing a GWT application, where i want to render the UI dynamically according to user permissions. Say, in my application i have a list of products and the possibility to edit that list (add new products, remove etc.).
I also have users with read only permissions, and users with write permissions. Is it now possible (or is it feasible) to do something like this in my UI classes:
if (user.hasWritePermissions) {
Button addButton = new Button()
}
So that a user without write permissions don't see the add and remove buttons? Of course i also have permission checks in my backend, but it's convenient, if the user only sees what he can use.
Or are there any other and nicer possibilities with GWT?
<define-property name="role" values="readonly,readwrite" />
. But the advantages here are probably small (users would download a few code blocks less), while the number of permutations grows exponentially.Of course, this is all a matter of style. None of the approaches is better or worse security-wise, because the actual permission checks (as you already mentioned, but I'll say it again) must be performed on the server side.