Ember Websocket and Permissions


#1

Hi, I’m trying to use Ember with websockets, so I wrote my own adapter. I can make a simple CRUD application that updates in real time and it’s fine. But I can’t figure out how I can handle permissions with my system.

Simple example: I have a list of items displayed on the screen. When an item is inserted in the database, the server emits an event to all clients, which add this item to the list. But now imagine that only a client with the “admin” role can see the whole list of items, while a “standart” client can only see a restricted list. The request to see the result is something like this:

this.store.find('item', { role: "standart" })

The first time the request is made, the server will return the correct result list. But when an update comes, how can it notify the correct clients? For me, it can’t just send the new item and let the client code (the Ember part) decide whether it must be displayed. It’s a security breach because JavaScript code can be viewed and modified. So a standard user can access the admin list if he modifies his code.

I need a server-side solution, but I don’t know how I can do that. Maybe something like a websocket channel to notify changes and a standard REST request to update the client. But it could cause a big overload, no?

Tell me if I’m not clear :smile:

Thank you in advance.


#2

A channel is the way to go: you subscribe users to a particular channel based on role, then emit changes on the particular channels based on who should receive the broadcast.
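
The role-based channel approach from this reply, as an added example that is not part of the original thread. It assumes a server-side session store keyed by token; `RoleChannelHub`, `publishItem`, `visibleTo` and the sample sessions are hypothetical names, and plain callbacks stand in for real websocket connections so it runs without a server.

```javascript
// Added example: in-memory hub. A real server would pass each websocket's
// send function instead of the callbacks used in demo().
class RoleChannelHub {
  constructor(sessions) {
    this.sessions = sessions;   // token -> { user, role }, written at login
    this.channels = new Map();  // role  -> Set of subscribed connections
  }

  // Called when a socket connects. The role is read from the server-side
  // session, never from client input such as a { role: ... } query.
  connect(token, send) {
    const session = this.sessions.get(token);
    if (!session) return null;  // unauthenticated: subscribed to nothing
    const conn = { user: session.user, role: session.role, send };
    if (!this.channels.has(conn.role)) this.channels.set(conn.role, new Set());
    this.channels.get(conn.role).add(conn);
    return conn;
  }

  disconnect(conn) {
    const members = this.channels.get(conn.role);
    if (members) members.delete(conn);
  }

  // Emit a new item only on the channels of roles allowed to see it.
  publishItem(item) {
    let delivered = 0;
    const payload = { event: "item:created", item: { id: item.id, name: item.name } };
    for (const role of item.visibleTo) {
      for (const conn of this.channels.get(role) || []) {
        conn.send(JSON.stringify(payload));
        delivered++;
      }
    }
    return delivered;
  }
}

// Constructed sample data: one admin, one "standart" user.
function demo() {
  const sessions = new Map([
    ["tok-a", { user: "alice", role: "admin" }],
    ["tok-b", { user: "bob", role: "standart" }],
  ]);
  const hub = new RoleChannelHub(sessions);
  const inbox = { alice: [], bob: [] };
  hub.connect("tok-a", (msg) => inbox.alice.push(JSON.parse(msg)));
  hub.connect("tok-b", (msg) => inbox.bob.push(JSON.parse(msg)));
  hub.publishItem({ id: 1, name: "public item", visibleTo: ["admin", "standart"] });
  hub.publishItem({ id: 2, name: "admin-only item", visibleTo: ["admin"] });
  return inbox;  // bob's inbox never contains item 2
}
```

Because the restricted item is never written to the standard user's socket, modifying the client-side Ember code cannot reveal it.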


#3

OK thanks, I will try that ^^