URL routing for master detail pattern [closed]

Question

Closed. This question is opinion-based. It is not currently accepting answers.

Want to improve this question? Because this question may lead to opinionated discussion, debate, and answers, it has been closed. You may edit the question if you feel you can improve it so that it requires answers that include facts and citations or a detailed explanation of the proposed solution. If edited, the question will be reviewed and might be reopened.

Closed 10 years ago.

Improve this question

Are there any best practices for URL routing in a master detail application?

Let's say the master is a list of fruits. And the master can be filtered based on user security (not all users have access to banana, client side filters (only show green fruits), etc.

The URL route for an apple cannot be as simple as /apple, because there is no guarantee that apple is currently in the master list.

Or would it make sense to handle detail items that are not in the master? You could update the master list to ensure that apple is there, or leave the master list as is, without apple.

Or would you handle routing differently than /apple?

I am not sure quite what you are asking. Is your real concern how to integrate access control to a master detail app? — Jay Elston
– Jay Elston, Commented May 15, 2015 at 20:08

Jez · Accepted Answer · 2015-05-15 16:06:26Z

3

I would keep your routing as simple as possible - /apple seems perfectly valid.

If the user is not allowed to view /apple then show them an error message, if they are allowed to but apple is currently hidden by filters, I'd remove those filters and show them the apple.

Basically - routes should refer to distinct resources and not be clouded by other concerns.

answered May 15, 2015 at 16:06

Jez

3641 silver badge9 bronze badges

1

Yes, a 403 page saying 'You have no access here; we can neither confirm nor deny the existence of apples' would be perfectly fine. Add a helpful link to /fruit with a list of allowed fruit for extra points.

9000
– 9000

2015-05-15 16:26:46 +00:00
Commented May 15, 2015 at 16:26

Add a comment |

9000 · Accepted Answer · 2015-05-15 16:33:32Z

What I'd use:

/fruit or just / — allows to select a master which the user is allowed to see.
/apple, /banana, etc — access a particular master and show available details. If the user is not allowed, responds with a 403.
/apple/seed — access to a detail record; again, is access-controlled and give 403 if the user is not allowed to access either a particular detail or a particular master.
/anything-else — returns 403 (not 404) to prevent a user from checking which fruits exist and which don't.

Upsides: utter simplicity, easy-to-remember links.

Downsides: need to check for master access on every detail page.

Stack Exchange Network

URL routing for master detail pattern [closed]

2 Answers 2

Hot Network Questions

URL routing for master detail pattern [closed]

2 Answers 2

Related

Hot Network Questions