How are people handling authorization and different backend responses?

I’m curious how some devs are handling APIs where different roles get different shapes of data back based on the user’s role. Using a sum type for each role’s data shape, or a sum type for each field, or something else?

If it’s really different shapes, then yes, a sum type with one case for each shape. Or, if the shapes only really differ slightly, one shape with nullable fields for the differences - for example, a super-user might just get more information, so this information might be Nothing for a normal user.

In recent work, we chose the single field Maybe.

In the view, do you match on the value in the field or on the user role? We chose to match on the value in the field, but it feels more natural to have the match reference the user’s role.

I think that really does depend on the situation - if it’s just some part of the page that gets displayed or not, I’d act on the maybe; if the whole page would look different, I’d split the view into two.
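The two options discussed in the replies above, sketched in Elm as an added example that is not code from any poster in this thread; Elm itself, the `role`, `name` and `email` JSON fields and all type and function names are assumptions. In both options the client only decodes and displays what the server chose to send, so the access decision stays on the backend.

```elm
import Html exposing (Html, div, text)
import Json.Decode as D exposing (Decoder)

-- Option 1: one shape; the admin-only field is Nothing for a normal user.
type alias User =
    { name : String, email : Maybe String }

userDecoder : Decoder User
userDecoder =
    D.map2 User (D.field "name" D.string) (D.maybe (D.field "email" D.string))

-- The view acts on the value that was actually decoded, not on a role flag.
viewUser : User -> Html msg
viewUser user =
    case user.email of
        Just email ->
            div [] [ text (user.name ++ " <" ++ email ++ ">") ]
        Nothing ->
            div [] [ text user.name ]

-- Option 2: one case per shape, selected by a "role" tag in the response.
type Profile
    = Member { name : String }
    | Admin { name : String, email : String }

profileDecoder : Decoder Profile
profileDecoder =
    D.field "role" D.string |> D.andThen profileForRole

profileForRole : String -> Decoder Profile
profileForRole role =
    case role of
        "member" ->
            D.map (\n -> Member { name = n }) (D.field "name" D.string)
        "admin" ->
            D.map2 (\n e -> Admin { name = n, email = e })
                (D.field "name" D.string)
                (D.field "email" D.string)
        other ->
            D.fail ("unknown role: " ++ other)

-- Here the match names the role, and each branch can be a separate view.
viewProfile : Profile -> Html msg
viewProfile profile =
    case profile of
        Member m ->
            div [] [ text m.name ]
        Admin a ->
            div [] [ text (a.name ++ " <" ++ a.email ++ ">") ]
```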