Hi everyone,
I am new to Web API and have the following scenario: ASP.NET / WebAPI Web Service + HTML/Javascript application
Assume you have a simple database table (TABLE1) with customers (name, address, etc.). You have another table (TABLE2) with sales managers. TABLE1 has a column referencing to one entry of TABLE2. In words: One sales manager is associated to one or more customers. A customer is only assigned to one sales manager.
A sales Manager associated to a customer should be able to edit customer data, all others should only have read-only access.
My challenge: What is the best way to determine the user permissions on the CLIENT side when I want to create the customers table in HTML. Each row I am allowed to edit should have a Edit-Button or html Input fields for example. All other rows should only display the text (e.g. read only rows).
(Assume authentication is no problem. Current user is known both server and client side. )
Current approach: My current approach is to manipulate the WebAPI function, that delivers the customer data. I added another column "permissions", which has the value 0 for read-only and 1 for read-write Access.
Are there better ways of doing this?
Kind regards,
Breakeven
