Background
I have to migrte a existing javascript application (one page app) to extjs. The display and behavior of the application depends on the users permission.
Current design
The application is divided into plugins, which represent a feature set to which permissions are granted. Each of those plugins consists of a single javascript file. A user can have permissions for one or more plugins. Depending on the permissions, those files are loaded in the head of the page. Each of these plugins will add its entries to the main menu and expose the methods used to drive the application.
The permissions are stored in a mysql database.
ExtJs's default design
In ExtJs the source files contain each a class. During the build process, all .js files are concatenated to yield one big .js file, that contains everything.
What would be the best design approach?
- I considered to use custom compilation with
sencha cmd, and create that way a .js file for each plugin. Then I could load these plugins the same way I do it now. But this results in a complicated build and deployment process. - I also thought about creating one and only .js file with a standard Ext build process. I would then load the permissions from the server via ajax in order to construct the menu. All the objects and methods would exist, but only those are accessible where the user has permissions.
In my opinion, the second approach is much easier maintainable, but it seens to have a security problem, because everyone could look at the source and find out about the data interfaces exposed on the server and consumed by ajax.
Any comments, ideas or advices are welcome. Thanks !
