Deciding on the correct syntax for UI permissions

time to read 1 min | 173 words

Going back to why I hate new projects, I am trying to figure out how to perform UI level security. Right now I need to dynamically decide whatever or not a user can edit a webcast. I came up with the following options.

Explicitly allow this for administrators only:

<% component adminOnly: %>
${ Html.LinkTo( "Edit", "webcast", "edit", webcast.Id) }
<% end %>

Allow this by operation:

<% component securedBy, {@operation: '/webcast/edit': %>
${ Html.LinkTo( "Edit", "webcast", "edit", webcast.Id) }
<% end %>

The second is much more flexible, but I am not sure that I am happy about putting the operation in the view.

I can create this, for that matter, which might be better all around, in which case this encapsulate everything inside it.

<% component edit, {@entity: webcast} %>