At when should page permissions be fetched?


#1

In our applications, we have permission data which is used to enable/disable the current user’s views and abilities. If the a user doesn’t have a permission for a route, the user cannot go to that route or even doesn’t see the links that redirects to that route.

The problem is, we need to retrieve permission data from server before any route loaded. The data retrieved with a promise. So we need to delay routes since the promise is resolved. Do you have any suggestion for this case?

My current options are:

  1. Return the promise from the application-route’s beforeModel hook. (this can solve the problem but application-route seems unrelevant for permissions.)
  2. Use application initializer’s deferReadiness method. (instance-initializers may be relevant but i’ve a confusion about initializers. Since the permissions are about the state of the application.)

PS: Of course we have a solid server-side authentication mechanisms on data. As an enterprise application, we have lots of pages and we need a fine-grained permission structure for the pages, buttons and etc. to hide the buttons/pages that cannot be performed by current user.


#2

I would definitely put it in the application route. Basically AFAIK the application route/template should be used for anything that is global across the app, and permissions data fits that nicely (assuming the user is logged in of course). We basically do that in the main app that I work on (though our permissions aren’t fine-grained at all). If it were me I would put it in the application route model instead of beforeModel. It is model data after all, and then it could be referenced in the application controller or template if necessary as well as pretty much anywhere else using the “modelFor(‘application’)” method. As a general rule of thumb I’d say trying to do as much data fetching as possible in a route model hook is the preferred way of fetching data asynchronously.