Best practice for authorization in accessing a screen


I have a screen where I need to check a role (ex.: Manager) and a department (ex.: Logistics).
The Role is created in the roles logic. The department is in a custom aggregate that was created.

What is developed now:

I am using a data action to know if the user has the right department, and the rest of the aggregates are fetching only after this validation.
Is this the best practice? Is there a better solution? I am worried about performance issues.
With traditional this validation was made in the preparation, in reactive I don't know where should I do this.

Thank you in advance,
Best Regards,

Hi @Diogo Luciano,

I think this is fine performance wise.

I would also use a data action with a server action that checks for the right department (to keep the check the same over the entire application). 

If you are worried about performance you can always change it around a little.

1. fetch the aggregates on start.

2. have the containers containing the data of the aggregates not visible until the data action is fetched.

3. if the data is fetched set the visibility of the container to true or if the user does not have the rights redirect the user to another page (invalid permissions page).

Hope this helps

Hi Mika!

Thanks for your advice!
The containers are a good advice, I will test it out!

Best Regards,

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.