
What should be the best approach to hide a button or any UI control in SAPUI5?

Hi Friends,

I want to hide a button on my view based on some back-end condition or role. Currently I can hide the button by binding a model property and setting the respective value, but the user is able to revert the visibility property by using F12 (Developer mode) in Chrome. So what is the best way to handle this kind of issue?

Thanks

Suman Kumar


2 Answers

  • Best Answer
    Feb 20 at 11:20 AM

    What does this button do? Why do you want to keep it hidden from the user?

    These might seem silly questions, but in fact are important ones. If you have an action (let's say a DELETE action on the model) that this button triggers, then hiding it will not solve the problem AT ALL. If someone is smart enough to go through F12 and make this button appear, they might as well simply execute the DELETE HTTP method via Postman or even by Google Dev Tools console.

    Hiding a button in a web application is like having a hidden button that opens the safe without the key: it's just security through obscurity, which by itself is an antipattern.

    You should implement the security check back in your model, not in your view.

    Bruno


  • Feb 20 at 02:12 PM

    Hi Suman, like everything on the web, you have two different sides:

    • Frontend side
    • Backend side

    and I think that for safety you should always double check them (even if you think it's redundant).

    So my suggestion is:

    • hide/disable the button on your UI
    • prevent the user from committing CRUD operations from JS if he's not allowed
    • prevent the user from committing CRUD ops directly on the backend (checking if he has the correct role)

    Ema.
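
The backend check both answers call for, as an added example that is not part of either answer: the visibility flag and the DELETE handler use the same server-side role check, so un-hiding the button or calling the endpoint directly changes nothing. All names (`ROLE_PERMISSIONS`, `isAllowed`, `uiFlags`, `handleRequest`, the sample record) are hypothetical, and the session is assumed to come from server-side authentication.

```javascript
// Added example; every name here is hypothetical.
// Role -> HTTP methods it may use. A Map avoids prototype-key lookups.
const ROLE_PERMISSIONS = new Map([
  ["viewer", new Set(["GET"])],
  ["admin", new Set(["GET", "DELETE"])],
]);

// Deny by default: no session, no roles, or an unknown role all fail.
function isAllowed(session, method) {
  if (!session || !Array.isArray(session.roles)) return false;
  return session.roles.some((r) => ROLE_PERMISSIONS.get(r)?.has(method) === true);
}

// Values for the view model that the button's "visible" property is bound to.
// This is a convenience for the user only; it grants nothing.
function uiFlags(session) {
  return { deleteVisible: isAllowed(session, "DELETE") };
}

// Backend handler. `session` is established by server-side authentication;
// nothing inside `req` (which the client fully controls) affects the decision.
function handleRequest(store, session, req) {
  if (!session) return { status: 401 };
  if (!isAllowed(session, req.method)) return { status: 403 };
  if (req.method === "GET") {
    return store.has(req.id) ? { status: 200, body: store.get(req.id) } : { status: 404 };
  }
  if (req.method === "DELETE") {
    return store.delete(req.id) ? { status: 204 } : { status: 404 };
  }
  return { status: 405 }; // permitted for the role but not implemented here
}

// Constructed sample data.
function sampleStore() {
  return new Map([["1001", { id: "1001", item: "Laptop" }]]);
}

const demoStore = sampleStore();
const viewer = { user: "alice", roles: ["viewer"] };
// The viewer made the button visible in the browser and sends DELETE anyway,
// even adding a client-side flag; the server refuses and the record survives.
console.log(handleRequest(demoStore, viewer, { method: "DELETE", id: "1001", deleteVisible: true }));
console.log(demoStore.has("1001"));
```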
