How to protect routes for different user groups


Question

I'm building an app with backbone.js and wonder how to protect routes for different user groups.

I've seen many tutorials with some simple authentication methods, but I haven't found any information about user groups.

Let's say I have 2 user groups for my app: admins (read/write) and guests (read). How can I set up a secure authentication system with backbone.js, so that guests won't be able to open http://example.com/foo/1/edit?

Any ideas?

Recommended answer

One option is to only set up the routes if the user is in the admin group.

var router = new appRouter();

if (user.group === 'admin') {
  router.route('foo/:id/edit','edit',function () {
    // your admin route logic here.
  });

  // or define the function in your router and reference it
  // such as: router.route('foo/:id/edit','edit',router.edit);
}

Backbone.history.start();

If you had a lot of routes you could create an object that contains your admin routes like the following: (may want to add a property for the route name though)

var adminRoutes = {
  'foo/:id/edit': function () {
    // your logic here
  },
  'another/route': function () {
    // same set-up as above
  }
  // ... more admin routes
};

Then set them up in a loop inside the if statement:

for (var k in adminRoutes)
  router.route(k,k,adminRoutes[k]);

Anyway, there are a few different set-up options with this method.

The advantage with this approach is you don't have to check the route and user permissions for each route the user navigates to. Either the route is set up or it isn't.

If your users have the ability to upgrade to admin rights then wrap the route set-up logic in a function and invoke it when the user is granted admin access.

Aside from all this, to my knowledge, it is not possible to set-up a secure authentication system on the frontend. You must also check permissions server-side, regardless of any approach you decide upon.
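
The server-side permission check that the answer says is still required, sketched as an added example (not part of the original answer). The /api/foo/:id path, the sid cookie, the in-memory session store and all function names are assumptions made for illustration; the group is read only from server-side state, so anything the client sends about its own group is ignored.

```javascript
// Constructed server-side session store: token -> user record.
// In a real app this is your session middleware or database (assumption).
const SESSIONS = new Map([
  ['tok-admin', { name: 'alice', group: 'admin' }],
  ['tok-guest', { name: 'bob', group: 'guest' }],
]);

// HTTP methods each group may use on /api/foo/:id (hypothetical API path).
// Saving an edit is a PUT/PATCH, so guests (read) only get GET.
const POLICY = new Map([
  ['admin', new Set(['GET', 'PUT', 'PATCH', 'DELETE'])],
  ['guest', new Set(['GET'])],
]);
const FOO_ITEM = /^\/api\/foo\/\d+$/;

// Resolve the user from the session cookie; never from the request body,
// query string or any flag the Backbone client holds in memory.
function sessionFor(headers) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(headers.cookie || '');
  return m ? SESSIONS.get(m[1]) : undefined;
}

// Returns the HTTP status to answer with. Deny by default:
// unknown sessions get 401, unknown groups or methods get 403.
function authorize(req) {
  if (!FOO_ITEM.test(req.url)) return 404;
  const user = sessionFor(req.headers || {});
  if (!user) return 401;
  const allowed = POLICY.get(user.group);
  return allowed && allowed.has(req.method) ? 200 : 403;
}

// Constructed requests: a guest who registered the edit route by hand in
// the browser console can render the form, but the save is still refused.
const guestRead = { method: 'GET', url: '/api/foo/1', headers: { cookie: 'sid=tok-guest' } };
const guestEdit = { method: 'PUT', url: '/api/foo/1', headers: { cookie: 'sid=tok-guest' },
                    body: { group: 'admin', title: 'x' } }; // body claim is ignored
const adminEdit = { method: 'PUT', url: '/api/foo/1', headers: { cookie: 'theme=dark; sid=tok-admin' } };

console.log(authorize(guestRead), authorize(guestEdit), authorize(adminEdit));
```

Call authorize at the top of every handler that reads or writes foo items, before touching the data.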
