Hi all,
I have a question around the representation and result of permissions.
Say I have an application that manages socks inventory. The UI is
displaying a button to delete socks. However, some user doesn't have the
right to delete socks!
So, I perform a request to Keycloak to get the permission.
It works well: if the user doesn't have permission, the message
"authorization denied" is displayed on the screen.
However, it would be nicer to remove the "delete" button entirely.
My policies are quite complex and multi-dimensional: You can delete socks
if you are admin, but also if it belongs to you, you belong to some groups
etc.
So anticipating the reply to an authorization request can be very hard.
What do you suggest? Should we perform a "test" authorization request
before displaying the "delete" button?