Use ng-if instead CSS about angular-client-side-auth HOT 5 OPEN

Hey, and thanks for the proposal and code :)
However, I need a little more information before changing out the existing setup. Mostly, I don't see why it's better from a security standpoint to delegate the visibility of the elements to JavaScript rather than CSS though... They are both easily manipulated on the client-side. To make an invisible element implemented with your directive visible, all that is necessary is to put a breakpoint inside the link function, and then change the visibility variable to true. Could you elaborate a little more what you mean?

from angular-client-side-auth.

Thanks for your answer.

Yeah of course that all client-side technologies are exposed to user manipulation. However, changing the visibility of an element using breakpoints and hacking the link function could be considered an attack and the rest of your app should be prepared to handle that cases.

What i'm concerned is to accidentally write a CSS rules for the app that makes elements visible even when is supposed to be hidden.

And beyond of punctual cases, this issue is more related to the separation of concerns. CSS contains the presentation layer of the site. Logic aspects should be handled by JavaScript.

from angular-client-side-auth.

I agree with @alb3rto. I think that using another directive is redundant anyway.

from angular-client-side-auth.

The code that I proposed is an update for the current accessLevel directive.

from angular-client-side-auth.

Okay, thanks for having the patience with me to explain more in detail :) I see your point, and agree it's better to use the ngIf directive rather than manipulating the CSS properties directly. If you submit a Pull Request, I'll be happy to accept.

from angular-client-side-auth.