1

Our application need to handle two types of users: admin and non-admins. Admins should see interface elements that non-admins don't. Admins should be able to add to and update an online database through the app. Non-admins should only be able to see data from the database in the application. How can we best implement this in the application, and what is the best solution for determining if an user in fact is an administrator and storing this for later use?

eirikvaa
  • 1,070
  • 1
  • 13
  • 24

2 Answers2

0

The best option is to handle your security and grant rights from the server.

Many systems can be implemented depending on what technology is used on back-end, basically you need credentials from the user (username / password are often used, but anything guaranteeing the user's identity will work) that the server will use to authorize some actions and deny others.

You could for instance use token-based authentication which is explained here

Then your server can check the user has the correct rights before doing some actions.

Many systems already exists, it all depends on what technology is used on back-end.

Community
  • 1
  • 1
Paul Roy
  • 11
  • 1
  • 3
0

IMO the best approach for your scenario would be as follows:

1)Server Side:

  • At your server end maintain a user with admin access.That means you will create a user and give the credentials to the authorised person.
  • In your login service, check if the credentials provided are of admin or not. If it's admin then return a flag say isAdmin = true
  • For later use you can simply save this flag in NSUSerDefaults as its the best solution to handle limited amount of data.

2) At App Side:

  • If the user is admin (isAdmin = true), then set your appropriate UI elements and give access to online database.
  • If the user is non-admin then change your UI Settings and load your local database for this user.
Vishal Sonawane
  • 2,637
  • 2
  • 16
  • 21