How to check if the change in nested data is permissible

#1
We have a nested JSON structure in our web app on the frontend like Rows > Columns > Elements > Rows > Columns > Elements ...

We also have an API call which sends the entire data as JSON to backend.

In the backend we have a set of several permissions, like column size change, row background change, element ordering change, etc., that are permitted or denied for various types of users.

We want to identify in the backend if the change of the nested structure is permissible.

Example 1 [Update data]:

The user has CHANGED the size of a 'Column', where the size is represented as a property in 'Column' object.

or

Example 2 [Remove/Add data]:

The user has removed/added an 'Element' from a 'Column'.

We know that we can do a full traversal of the entire tree and understand if the change was permissible or not, but we are looking for a better and faster, resource-saving solution for concurrent connections and many users/big trees.

----

This question seems to be general for different technologies, but I want to let you know that we are using Laravel / Lumen / Dingo in the backend & Ember.js on the frontend.

Thanks for reading and helping :)

#2
One option is to not send the entire JSON to the server, but to instead send json patch. Then on the server, have rules that effectively hash the paths in the patch to permissions. In other words, since you are only sending the change and not the entire JSON, the need to parse the entir
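The patch-to-permission mapping described in answer #2, as an added example that is not part of the original thread. It is written in JavaScript for illustration (the same logic ports to the Laravel backend); the permission names, the `RULES` table and the `rows`/`columns`/`elements` key names are assumptions.

```javascript
// Added example: deny-by-default check of RFC 6902 JSON Patch ops against permissions.
// Permission names, RULES and the rows/columns/elements keys are assumptions.

// Decode an RFC 6901 JSON Pointer into segments ("~1" -> "/", "~0" -> "~").
function parsePointer(ptr) {
  if (typeof ptr !== 'string' || ptr[0] !== '/') throw new Error('bad pointer');
  return ptr.split('/').slice(1).map(s => s.replace(/~1/g, '/').replace(/~0/g, '~'));
}

// Reduce a path to its shape: array indexes (and "-") become "*", so one rule
// covers every nesting depth. Segments that could forge a shape are rejected.
function shapeOf(segments) {
  return segments.map(s => {
    if (/[\/*]/.test(s)) throw new Error('unsupported segment');
    return /^(0|[1-9]\d*|-)$/.test(s) ? '*' : s;
  }).join('/');
}

const NEST = '(?:rows/\\*/columns/\\*/elements/\\*/)*'; // recursive Rows > Columns > Elements
const RULES = [ // [allowed ops, shape regex, required permission]
  [['replace'], new RegExp(`^${NEST}rows/\\*/columns/\\*/size$`), 'column.resize'],
  [['replace'], new RegExp(`^${NEST}rows/\\*/background$`), 'row.background'],
  [['add', 'remove'], new RegExp(`^${NEST}rows/\\*/columns/\\*/elements/\\*$`), 'element.addremove'],
  [['move'], new RegExp(`^${NEST}rows/\\*/columns/\\*/elements/\\*$`), 'element.reorder'],
];

// Permission needed for one op on one path, or null when no rule matches (denied).
function requiredPermission(op, pointer) {
  const shape = shapeOf(parsePointer(pointer));
  const rule = RULES.find(([ops, re]) => ops.includes(op) && re.test(shape));
  return rule ? rule[2] : null;
}

// Checks every op; the whole patch is rejected if any single op is denied.
function authorizePatch(patch, granted) {
  if (!Array.isArray(patch)) return { allowed: false, denied: ['patch is not an array'] };
  const denied = [];
  const parent = p => p.slice(0, p.lastIndexOf('/'));
  patch.forEach((o, i) => {
    try {
      const paths = (o.op === 'move' || o.op === 'copy') ? [o.from, o.path] : [o.path];
      if (o.op === 'move' && parent(o.from) !== parent(o.path)) throw new Error('move must stay in one column');
      for (const p of paths) {
        const need = requiredPermission(o.op, p);
        if (!need || !granted.has(need)) denied.push(`op ${i}: ${o.op} ${p}`);
      }
    } catch (e) { denied.push(`op ${i}: ${e.message}`); }
  });
  return { allowed: denied.length === 0, denied };
}
```

Cost is proportional to the number of operations in the patch, not to the size of the tree. An authorized patch should be applied to the server's stored copy of the document, not to a tree supplied by the client.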

#3
You can have an API for returning permissions (have a model `Permission`).

Then check for that permission for any actions you need in the frontend by using ember-can.

By this, you can ensure that when you send back data for updating from front to back, it complies with the permissions defined in the backend, with no need for much back and forth.

#4
I think you can have a type for each change. For example, a column change is ----> colChange (or simpleChange). Send the type of change with the JSON. Permission can be checked by change type. Also, there can be groups of change types, and permissions can be set for groups. If you don't send data for each change, there must be a stack of user changes (push the type of change onto the stack on each user change). Send that stack with the JSON to the backend.