How to forward Drupals Permissions to a Javascript Frontend, to have an adaptive UI

Created on 1 December 2023, about 1 year ago
Updated 19 July 2024, 5 months ago

I am developing a vue frontend for a drupal powered website.

I choosed JSON:API because it works out of the box. Thanks for that.

But now I am near that point were I want to reenable the permission checks to limit users of certain roles / permissions to only perform actions they are allowed to.

We did forward the user permissions array (with all the text permissions, like 'can edit node X', 'can edit own node X' etc.), but this is very limited in beeing useful. For example if the right 'can edit own node' is in that array but the user sees a list of node X items, were only a few are from him, I don't want to let him edit all and only on 'save' he gets the permission denied error.

Therefore my question, to Drupal community members, who faced that problem also:
- are there things in core, which will help me with that, which I may have not discovered yet?
- are there any vue libraries, which will forward Drupals permissions along with entities in question, which can be used?
- are there any other solution to that problem, which I may cannot think of?

I know it's not really a Drupal core question, but as far as I know there is no dedicated Drupal Discord, were I could ask this and get a faster response.

---

My current thought process would be, that I can fire a REST request to Drupal along with zero, one or more entity in question and an endpoint will tell me for each or given combination if that right is granted or not. I do understand, that this is far from secure, because it will travel over the wire, but all I want to do is hide or show buttons for user roles, IF the action is available. If the user will somehow be able to give themself a true, were a false was reported, he'll later on save get the correct response anyways.

💬 Support request
Status

Closed: outdated

Version

11.0 🔥

Component
JSON API 

Last updated 3 days ago

Created by

🇩🇪Germany ro-no-lo

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Issue created by @ro-no-lo
  • There is a large Drupal community on Slack . That is where interactive discussions take place, and faster responses occur.

    Based on how support requests go in the core issue queue, I may be the last person ever to comment here. But, you never know...

    You selected version 9.5.x for this issue. I hope you are not building a new website with 9.5 because 9.5 is end-of-life.

  • Status changed to Closed: outdated 5 months ago
  • 🇳🇱Netherlands bbrala Netherlands

    As mentioned, please use slack for this interactive discussion. If we end up with some good best practices there, we might be able to document that. But closing this for now since is has been open for quite a while now.

Production build 0.71.5 2024