Fading Coder

One Final Commit for the Last Sprint

Home > Tech > Content

Implementing Frontend Permission Control with a Custom Vue Directive

Tech 1

The v-hasPermi custom directive provides a mechanism for frontend element-level access control by binding visibility to user permissions stored in the application state.

Directive Application Syntax

Apply the directive directly to HTML elements within a Vue template. The directive expects an array of permission codes as its value.

<el-button v-hasPermi="['user:create']">Add New User</el-button>

The element will be rendered only if the current user possesses atleast one of the permissions listed in the array. The permission codes must correspond to the identifiers defined in the backend authorization system.

Custom Directive Implementation

To integrate this directive into a Vue application, define it globally.

  1. Create the Directive Logic Place the directive definition in a module, such as src/directives/permission.js.
import Vue from 'vue';

export const hasPermissionDirective = {
  inserted(el, binding) {
    // Extract the required permission list from the binding value
    const requiredPerms = binding.value;
    if (!Array.isArray(requiredPerms) || requiredPerms.length === 0) {
      return;
    }

    // Retrieve the user's permissions from the Vuex store
    const userPermissions = Vue.prototype.$store.getters.permissions || [];

    // Verify if the user has any of the required permissions
    const isAuthorized = requiredPerms.some(perm => userPermissions.includes(perm));

    // Remove the element from the DOM if authorization fails
    if (!isAuthorized && el.parentNode) {
      el.parentNode.removeChild(el);
    }
  }
};

// Register the directive globally
Vue.directive('hasPermi', hasPermissionDirective);
  1. Import the Directive Module Ensure the directive is loaded at the application's entry point before the root Vue instance is mounted.
// main.js or equivalent entry file
import './directives/permission';
  1. Using the Directive in Components Once registered, the directive is available in any component template.
<template>
  <div>
    <a-button v-hasPermi="['order:delete']" type="danger">Delete Order</a-button>
    <a-button v-hasPermi="['report:view', 'admin:all']">Generate Report</a-button>
  </div>
</template>

Key Implementation Considerations

  • Permission codes passed to v-hasPermi must be synchronized with the backend's permission schema.
  • The directive relies on a populated Vuex store ($store.getters.permissions). Ensure user permissions are fetched and committed to the store upon authentication.
  • For applications with dynamic permissions that can change during a session, consider updating the directive logic to react to store mutations, potentially using a componentUpdated hook.
Tags: vueFrontend PermissionsCustom DirectiveAccess Control
Back to List

Prev: C Language Structures: Declaration, Initialization, and Member Access

Next: jQuery Mobile Advanced Development: Configuration, Events, App Building, and Theming

Related Articles

Understanding Strong and Weak References in Java

Strong References Strong reference are the most prevalent type of object referencing in Java. When an object has a strong reference pointing to it, the garbage collector will not reclaim its memory. F...

Comprehensive Guide to SSTI Explained with Payload Bypass Techniques

Introduction Server-Side Template Injection (SSTI) is a vulnerability in web applications where user input is improper handled within the template engine and executed on the server. This exploit can r...

Implement Image Upload Functionality for Django Integrated TinyMCE Editor

Django’s Admin panel is highly user-friendly, and pairing it with TinyMCE, an effective rich text editor, simplifies content management significantly. Combining the two is particular useful for bloggi...

Leave a Comment

Anonymous

◎Feel free to join the discussion and share your thoughts.

Copyright © fadingcoder.top