I’m working on setting up the security interceptor for a new app I’m developing and I am wondering: what is the best way to go about handling permissions for viewing certain elements on a page? For example, lets say I have a view that has a table displaying a list of records that users can view. Most users can just view them but some users are given a button for each row to let them delete/edit. Usually I’d just look at the session variables, determine if their level is great enough to display the buttons, then show the button or not. I’d like to encapsulate that better with this new app so that if we change the way we do security (a very likely possibility) I won’t have reference to session variables all over the place.
My understanding is that the security interceptor can only be used at the event level and so I won’t be able to use it to determine what page elements to display to a user. But, I could always have separate events and separate views for each type of user (which seems like overkill and way too much duplication). So how does everyone handle this?