qq: Has anyone established patterns for "frontend" integrations, eg in React/etc
As an example, say there is a
. It can either be Visible, Not Visible, or Visible but Disabled, depending upon different Permissions.
In some previous work which was not as fine-grained as Zanzibar systems, I've made React Components like
</ which would Hide its children if the User didn't have a permission (which was generally a List of Strings/IDs, attached to the React Context, which we set on App initialization). Similar thing for properties like Disabled=true on a component, just a react func that returns bool (useHasPerm(someConst).
Obviously running the full "calculation" on the frontend doesn't seem viable :). (even with all the cool kids running SQLite on the frontend with WASM)
Is the best practice re-exposing a sub-set of the SpiceQB queries over my API Surface, and injecting the User identity there to ask Questions? Eg, some kind of API for Permission Checking the frontend can call alot, which mostly just proxies to a spicedb call?