I ended up having to plug a React SPA front end with a Django backend.
Now I want to restrict some screens for some users based on user roles.
I can use Django user groups to create roles. The entire JS for the website is sent to the browser on the first load. How can I read user roles on the front end and then restrict access?
Or is there another better way to do this?

Jeff P Chacko
  • The authentication is made with React or in Django? – 0xc14m1z Oct 17 '18 at 11:32
  • The authentication is done using Django auth. – Jeff P Chacko Oct 17 '18 at 11:34
  • Any client side restrictions can be bypassed by an attacker, so you should protect data also on the server side. That said, you could pass the user permissions as an array of strings to the front end. See this question: https://stackoverflow.com/questions/16573174/how-to-get-user-permissions – Håken Lid Oct 17 '18 at 14:01
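
A sketch of the approach the last comment describes, added here as an example and not part of the original thread: the front end uses the permission strings only to decide which screens to show, and treats the backend's 401/403 response as the final answer. The route table, function names and sample permission values are assumptions constructed for illustration.

```javascript
// Constructed sample: permission strings in Django's "app_label.codename"
// form, as the backend could send them for the logged-in user.
const samplePermissions = ["reports.view_report", "billing.view_invoice"];

// Hypothetical route table: each screen names the permissions it needs.
const sampleRoutes = [
  { path: "/profile", requires: [] },
  { path: "/reports", requires: ["reports.view_report"] },
  { path: "/refunds", requires: ["billing.view_invoice", "billing.add_refund"] },
];

// UI-only check: true when the user holds every permission the route lists.
// Anything that is not an array of strings counts as "no permissions",
// so a missing or malformed response hides screens instead of showing them.
function canShow(route, permissions) {
  const held = new Set(
    Array.isArray(permissions)
      ? permissions.filter((p) => typeof p === "string")
      : []
  );
  return route.requires.every((p) => held.has(p));
}

// Paths the menu and router should expose for this permission list.
function visiblePaths(routes, permissions) {
  return routes.filter((r) => canShow(r, permissions)).map((r) => r.path);
}

// The server's answer is authoritative. Map the HTTP status of an API call
// to what the screen should do, whatever the client-side list said.
function screenStateFor(status) {
  if (status === 401) return "login"; // session missing or expired
  if (status === 403) return "forbidden"; // backend refused this user
  if (status >= 200 && status < 300) return "render";
  return "error";
}

// A user who edits the list in the browser can make the screen appear,
// but the data request still comes back 403 from the backend.
const tampered = [...samplePermissions, "billing.add_refund"];
console.log(visiblePaths(sampleRoutes, samplePermissions));
console.log(visiblePaths(sampleRoutes, tampered), screenStateFor(403));
```
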

0 Answers