I was going to use the ember-can add-on to manage User’s access. It seems like its implementation supposes the authorizations to be applied by actions (like edit, delete, create, manageSomeThing, etc…). But what to do if I need to apply the restrictions by fields and not by actions? For example,
- if the user is Student, he/she can only read the value of field ‘A’
- if the user is Teacher, he/she can edit the value of field ‘A’.
and so on for other fields of a form. In the beginning, I believed to simply enable/disable the submit button of the form. Now the client would like to manage it by fields by making them disabled/enabled depending on the User role. It seems a little bit verbose to check on all the pages and for every field the User role, IMHO.
What do you think? Is there a better solution?