I am building a single page web system using Angular as the front end and Java (Spring Boot) as the backend. This system has different roles and a user must be assigned to one Role. Different roles can do different operations.
Let's say, to keep it simple, there are 2 roles in the system: Super User and Admin. The only feature in this system is Product, which has 3 properties: name, retail_price, factory_price. Super User can add products and update these properties. Admin can view name and retail_price but Admin is not able to see factory_price. Admin can also update retail_price but cannot add a Product.
In order to implement this feature control in Angular, right now I am hardcoding the code in HTML. When showing the Products page, the Add button will be shown if the logged-in user belongs to Super User. When showing the Product Detail page, factory_price will be hidden and the name field will be readonly if the logged-in user belongs to Admin.
Obviously, it's not a good way to do it because all this control code is in HTML; everyone can read it and know our logic. I am looking for some solution and guidance which can handle this logic on the server side, where the server just returns whatever the browser needs to show and the front end (Angular) just shows the content from the server and gets rid of all the control logic mentioned above.
Another challenge is how to handle different HTML for different roles. E.g. for the Product detail page, I want to prepare the HTML content for each role on the server side, and once the logged-in user goes to the Product detail page, Angular just sends a RESTful call, gets the HTML content from the backend and shows it. Then the client side doesn't need to have any logic and just shows it. Should I use a different HTML template for each role?
The protocol you are using is HTTP, which is stateless. It is not mentioned which technology in Java (Spring, JSP, Servlet) you are using for your backend. If you have different users and they have different authorities or roles, you need to keep a session associated inside the back end. When you can get the logged-in user, then you can extract the roles of that user. Based on these attributes you can query the database and provide data to the client end.
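The following is an added example, not code from the question or the answer, showing one way to put the role logic on the server with Spring Boot and Spring Security method security. It assumes Spring Security is on the classpath, that authenticated users carry the authorities ROLE_SUPER_USER or ROLE_ADMIN, and that method security is enabled (for Spring Security 6, `@EnableMethodSecurity` on a configuration class). The class, endpoint paths and the in-memory store are invented for illustration. Each endpoint is guarded by `@PreAuthorize`, the response is shaped per role so Admin never receives factory_price, a PATCH from Admin may only touch retail_price regardless of what the client sends, and the response carries a small form descriptor (field present or not, editable or not) so the Angular template can render generically instead of hard-coding role checks.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;

import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;

// Hypothetical controller for the example; not part of the original post.
@RestController
@RequestMapping("/api/products")
public class ProductController {

    record Product(long id, String name, double retailPrice, double factoryPrice) {}

    // In-memory store standing in for the database (constructed for the example).
    private final Map<Long, Product> store = new ConcurrentHashMap<>();
    private final AtomicLong ids = new AtomicLong(1);

    // Only Super User may create products; the check runs before the body.
    @PreAuthorize("hasRole('SUPER_USER')")
    @PostMapping
    @ResponseStatus(HttpStatus.CREATED)
    public Map<String, Object> create(@RequestBody Map<String, Object> in, Authentication auth) {
        long id = ids.getAndIncrement();
        Product p = new Product(id, (String) in.get("name"),
                toDouble(in.get("retail_price")), toDouble(in.get("factory_price")));
        store.put(id, p);
        return view(p, auth);
    }

    // Both roles may read, but the representation depends on the role.
    @PreAuthorize("hasAnyRole('SUPER_USER','ADMIN')")
    @GetMapping("/{id}")
    public Map<String, Object> get(@PathVariable long id, Authentication auth) {
        Product p = store.get(id);
        if (p == null) throw new ResponseStatusException(HttpStatus.NOT_FOUND);
        return view(p, auth);
    }

    // Admin may change retail_price only; any other key in the patch is
    // rejected on the server, whatever the client's HTML allowed.
    @PreAuthorize("hasAnyRole('SUPER_USER','ADMIN')")
    @PatchMapping("/{id}")
    public Map<String, Object> update(@PathVariable long id,
                                      @RequestBody Map<String, Object> patch,
                                      Authentication auth) {
        Product p = store.get(id);
        if (p == null) throw new ResponseStatusException(HttpStatus.NOT_FOUND);
        boolean superUser = hasRole(auth, "ROLE_SUPER_USER");
        List<String> allowed = superUser
                ? List.of("name", "retail_price", "factory_price")
                : List.of("retail_price");
        for (String key : patch.keySet()) {
            if (!allowed.contains(key)) {
                throw new ResponseStatusException(HttpStatus.FORBIDDEN,
                        "field not updatable by this role: " + key);
            }
        }
        String name = (String) patch.getOrDefault("name", p.name());
        double retail = toDouble(patch.getOrDefault("retail_price", p.retailPrice()));
        double factory = toDouble(patch.getOrDefault("factory_price", p.factoryPrice()));
        Product updated = new Product(id, name, retail, factory);
        store.put(id, updated);
        return view(updated, auth);
    }

    // Role-specific representation plus a form descriptor: which fields exist
    // and whether each is editable. factory_price is simply absent for Admin.
    private Map<String, Object> view(Product p, Authentication auth) {
        boolean superUser = hasRole(auth, "ROLE_SUPER_USER");
        Map<String, Object> fields = new LinkedHashMap<>();
        fields.put("name", Map.of("value", p.name(), "editable", superUser));
        fields.put("retail_price", Map.of("value", p.retailPrice(), "editable", true));
        if (superUser) {
            fields.put("factory_price", Map.of("value", p.factoryPrice(), "editable", true));
        }
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("id", p.id());
        body.put("fields", fields);
        body.put("canAdd", superUser);
        return body;
    }

    private static boolean hasRole(Authentication auth, String role) {
        return auth.getAuthorities().stream().anyMatch(a -> role.equals(a.getAuthority()));
    }

    private static double toDouble(Object o) {
        return o instanceof Number n ? n.doubleValue() : Double.parseDouble(o.toString());
    }
}
```

With this shape, the Angular component loops over `fields` and renders an input for each entry, setting it readonly when `editable` is false, and shows the Add button only when `canAdd` is true. The template still reveals that such flags exist, but it no longer encodes which role gets what, and a client that is modified to ignore the flags gains nothing, because the server applies the same rules to every request and never sends factory_price to an Admin in the first place. Separate HTML templates per role are therefore unnecessary: one generic template driven by the server's descriptor covers all roles.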