Is it okay to handle user permissions client side only in a web application?


I’m building a web application for sports leagues. A league profile page is created by the user, where they can manage the league (add teams, approve final scores, post announcements, etc.). The user that created this page should be the only one able to perform those actions. Other users can visit the profile, meaning READ ONLY.

In the leagues table of the database there is a foreign key column called owner_id that references the users table id column.

In the scenario where a user wants to add a team to the league, is it okay to perform this code on the client side? This would be the only code checking whether the user is authorized. Do I need server side code as well? How would I do that without opening another database connection?

async function AddTeam() {
  if (user.id === league.owner_id) {
    // api call
  }
}

The user id is available when they log in. The league owner_id is available when the league profile page is visited.
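
The same owner check enforced on the server, as an added example that is not part of the original question: the handler takes the caller's identity from the server-side session and compares it with league.owner_id before writing. The Maps standing in for the session store and the leagues table, the token values, the request shape and the teams table in the SQL comment are all assumptions made for illustration.

```javascript
// Added example. The Maps stand in for the session store and the leagues
// table; all names and sample records here are constructed for illustration.
const sessions = new Map([
  ["token-alice", { userId: 1 }],
  ["token-bob", { userId: 2 }],
]);
const leagues = new Map([[10, { owner_id: 1, teams: [] }]]);

// Server-side handler for "add team". The caller's identity comes from the
// session the server issued at login, never from a field the client sends.
function addTeam(request) {
  const session = sessions.get(request.token);
  if (!session) return { status: 401, error: "not logged in" };

  const body = request.body || {};
  const name = typeof body.name === "string" ? body.name.trim() : "";
  if (name === "") return { status: 400, error: "team name required" };

  const league = leagues.get(request.leagueId);
  if (!league) return { status: 404, error: "no such league" };

  // The authorization decision: the same comparison as the client-side
  // check, made where the user cannot edit or skip it.
  if (league.owner_id !== session.userId) {
    return { status: 403, error: "only the league owner can add teams" };
  }

  league.teams.push(name);
  return { status: 201, teams: [...league.teams] };
}

// With a SQL database the check and the write can be one statement on the
// connection the handler already uses (the teams table is assumed):
//   INSERT INTO teams (league_id, name)
//   SELECT id, :name FROM leagues WHERE id = :leagueId AND owner_id = :userId
// Zero affected rows means the caller is not the owner (or no such league).

// A request sent straight to the API without going through the React code.
// The userId in the body is ignored; the session says this is user 2.
const direct = addTeam({ token: "token-bob", leagueId: 10, body: { name: "Rovers", userId: 1 } });
const owner = addTeam({ token: "token-alice", leagueId: 10, body: { name: "United" } });
console.log(direct.status, owner.status, leagues.get(10).teams);
```

The client-side comparison can stay for deciding which buttons to show; the server-side one is what decides whether the write happens.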

Source: React – Stack Overflow

September 25, 2021
Tags: authorization | permissions | reactjs | roles
