Unified permission management between API and client

API Platform offers the possibility of creating robust and modular applications, however it is common to require a permissions system to manage users and their abilities.

I will present in this talk my implementation to operate an advanced permissions system based on multiple criterias, in a unified way. This allows flexible and automatic management of both the security of the API (access control for resources, automatic filters, etc.) but also the security of the client (in Vue.js), to control the UI and its functionalities according to the current user’s rights, transparent hot reload of permissions included in case of modifications!