So you scaffolded a blog post and handled permissions in a clean way… Perhaps…

```jsx
const isAllowedToUpdate = user.id === author.id || user.role;

const BlogPost = () => {
  return (
    // Wrapper is a plain element; a component that renders itself would recurse forever.
    <article>
      {isAllowedToUpdate && <EditBlogPost />}
    </article>
  );
};
```

Shocker: That was a vulnerable piece of code right there. It shows how fragile handling permissions with ad hoc if/else checks can be. One little oversight and you're breaking costly business logic.

So let's fix that. Let's be more maintainable, reusable, and scalable. That's the purpose of this article. Let's get right in.

The Very Basics

I was recently the backend developer for a project that involved 4 roles:

- Pharmacy
- Customer
- Consultant
- Driver

For the sake of clarity, I'll reduce the resources involved to just 3:

- Inventory
- Medical records
- Deliveries

So here are the basics of the relationship.…
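Going back to the check in the opening snippet: the `|| user.role` term is truthy for any user whose role is a non-empty string, so the edit control is shown to every role. The following is an added example, not code from the article, that runs that check beside a deny-by-default version; the sample users and the `UPDATE_ROLES` allow-list are assumptions made for illustration.

```javascript
// Added example, not from the article. Role names are the article's;
// the users and the allow-list below are constructed for illustration.

// The check from the opening snippet, wrapped in a function unchanged.
function flawedIsAllowedToUpdate(user, author) {
  return user.id === author.id || user.role; // any non-empty role is truthy
}

// Hypothetical allow-list: roles that may update a post they did not write.
const UPDATE_ROLES = new Set(["Consultant"]);

// Deny by default: true only for the author or an explicitly listed role.
function isAllowedToUpdate(user, author, allowedRoles = UPDATE_ROLES) {
  if (!user || !author) return false;
  // Guard against undefined === undefined when ids are missing.
  if (user.id != null && user.id === author.id) return true;
  return typeof user.role === "string" && allowedRoles.has(user.role);
}

// Run both checks over every sample user and report who gets edit access.
function compare(users, author) {
  return users.map((user) => ({
    id: user.id,
    role: user.role,
    flawed: Boolean(flawedIsAllowedToUpdate(user, author)),
    fixed: isAllowedToUpdate(user, author),
  }));
}

// Constructed sample data.
const author = { id: 1, role: "Pharmacy" };
const users = [
  author,
  { id: 2, role: "Customer" },
  { id: 3, role: "Consultant" },
  { id: 4, role: "Driver" },
  { id: 5 }, // no role at all
];

console.table(compare(users, author));
```
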