
I've got 5 user roles ("admin","modifier","manager","projectmanager","readonly") and need to execute different code depending on the specific role (only one role per user). Before I set up users and roles in a database, I want to make it work and test the functionality in JavaScript. How can I 'connect' the users (hardcoded values) to the right role and execute the code?

Should I use arrays or maybe a switch case?

Something like:

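// Declaration: hardcoded user names grouped by role (exactly one role per user).
// Test data only; the real users and roles are meant to come from a database later.
var arrAdmin = ["user1","user5","user9"];
var arrModifier = ["user3","user6","user8"];
var arrManager = [];
var arrProject = ["user4"];
var arrReadOnly = ["user2","user7","user10","user11"];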
...

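/**
 * Runs the functionality that belongs to the role of the given user.
 *
 * Each role array is searched in turn (admin, modifier, manager, ...) and the
 * handler of the first array that lists the user is executed. A user found in
 * no array triggers nothing: there is deliberately no retry loop around the
 * searches, because such a loop would never end for an unknown user.
 *
 * This only selects what the page does in the browser. Anyone can change
 * script running in their own browser, so the server still has to check the
 * user's role before it acts on a request.
 *
 * @param {string} user - user name to look up (matched with strict equality).
 */
function executeFunctionality(user){
    if(arrAdmin.indexOf(user) !== -1){
        executeAdmin();
        return;
    }
    if(arrModifier.indexOf(user) !== -1){
        executeModifier();
        return;
    }
    if(arrManager.indexOf(user) !== -1){
        executeManager();
        return;
    }
    //etc...
}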

or a switch case maybe?

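// One case per hardcoded user. Every case ends in break so that only the
// handler of the matching user runs; a user without a case runs nothing.
switch(user){
    case "user1": executeAdmin(); break;
    case "user2": executeReadOnly(); break;
    case "user3": executeModifier(); break;
    case "user4": executeProject(); break;
    case "user5": executeAdmin(); break;
    // etc ...
}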

Thanks in advance!

Robert
    Anyone can change anything in Javascript on the browser side. So authentication or authorization in any security model must be checked server side no matter what is hidden or displayed in a browser. You know that, right? – Paul Jun 18 '13 at 09:11
  • I don't know that much about security yet, but I want it to work in Javascript because I want to practise. Later, I'll put it all in a database and convert the client side code to server side. – Robert Jun 18 '13 at 09:19

3 Answers


You should definitely put that logic on the server side and deliver content and scripts according to the current user's role, because your JS can be accessed by anyone. It is NOT safe to deal with that on the client side!

Rob
  • You stole my name:) Like I said earlier, the idea is to practise, so no damage done. However, I would like to know how people can access the javascript, can they alter it too? Maybe with Firebug or something? – Robert Jun 18 '13 at 09:25

With a slight modification to this answer you should be able to do something like this:

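// Maps each hardcoded user name to the function that implements that user's
// role. Users that are not listed get the read-only default below.
var dispatcher = {
    "user1": executeAdmin,
    "user3": executeModifier,
    "user4": executeProject,
    "user5": executeAdmin
//...
};

// Look at the dispatcher's own keys only. A plain dispatcher[user] also finds
// inherited members such as "constructor" or "toString", so a user with such
// a name would have that member called in place of the read-only default.
// This picks browser-side behaviour only; the server must still check the role.
(Object.prototype.hasOwnProperty.call(dispatcher, user) ? dispatcher[user] : executeReadOnly)();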

Note: if the 'readonly' user role means basic privileges for all users - which seems to be the case in your example - there's no need to map any users to it. Just implement a default scenario that applies to all users (that don't have any extras).

Lave Loos

This should do

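/**
 * Executes the functionality for the role of the given user.
 *
 * The role arrays are tried in order and the search stops at the first one
 * that lists the user. Each array is paired with its own handler: passing
 * executeAdmin for every role would run the admin functionality for
 * modifiers and managers as well.
 *
 * @param {string} user - user name to look up.
 * @returns {boolean} true if a role handler ran, false if the user is in
 *     none of the arrays.
 */
function executeFunctionality(user){
    if(executeUserFunction(arrAdmin, user, executeAdmin)){
        return true;
    }

    if(executeUserFunction(arrModifier, user, executeModifier)){
        return true;
    }

    if(executeUserFunction(arrManager, user, executeManager)){
        return true;
    }
    //etc
    return false;
}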

/**
 * Calls fn once if user is listed in array.
 *
 * Entries are compared with loose equality (==) and the scan stops at the
 * first match, so fn runs at most once per call.
 *
 * @param {Array} array - user names that share one role.
 * @param {*} user - user name to look for.
 * @param {Function} fn - handler to run when the user is found.
 * @returns {boolean} true if the user was found and fn was called, false otherwise.
 */
function executeUserFunction(array, user, fn){
    var position = 0;

    while(position < array.length){
        if(user == array[position]){
            fn();
            return true;
        }
        position += 1;
    }
    return false;
}
Arun P Johny