I am developing an ask-and-answer website. There is a "Choose as best answer" button beside each answer; this button should be visible to the asker but invisible to other viewers. The other parts of the web page are almost the same. So how can I code this web page? Should I check the viewer's identity every time to determine whether or not the button should be visible? If there are many answers to a question, there are many buttons hidden from viewers except the asker. Does this kind of coding waste a lot of extra bandwidth? And I think this kind of coding is a little bit fishy. Is there a better way to do it?

The same problem goes for the "add comment" button. Right below there is an "Add comment" button and a hidden <form><textarea></textarea></form>; if there are 20 answers, there would be 20 hidden <form></form> elements, and the hidden code greatly increases the size of the HTML file. Is there an elegant way instead?

As for the "add comment" button, any logged-in user can add a comment, so there is no identity differentiation. So how do I deal with the issue?

+2  A: 

Should I check the viewer identity every time to determine whether or not the button should be visible.

Yes, check and then don't show the button. In addition, you should also check, once the button is pushed and you are processing that action, that it's not the asker who initiated it, because that is easily abused.

apphacker
+5  A: 

This type of stuff isn't a waste of bandwidth, no. And yes, you should only include those controls on the page if they are available to the user presently viewing the page, so be sure to check who your logged-in (if they're logged-in) user is and what their relationship is to the item they're viewing.

This could be as simple as:

if ($current_user_id == $question_asker_id) {
  // show 'accept as best answer' form
}

Be sure to check the form-data on the server-side too before permitting any changes to anything.

Jonathan Sampson
But how about the hidden "add comment" input box?
Steven
If it is something that should be accessible by all users, then include it.
Jonathan Sampson
+5  A: 

You're not supposed to be hiding the HTML, you're supposed to not include the HTML. I.e. on the server, you're doing something like this:

if ($loggedIn && $user == 'asker') {  // pseudocode
    echo acceptButton();  // outputs the HTML for the button
}

Non-asker users will not even receive the HTML for the accept button in their browser.

deceze
+1  A: 

If you're concerned with 20 minor forms taking much space (hint, they don't, most servers compress their output, so the extra forms are pretty much compressed away), just use simple links.

For hiding, just use if tests, and you should check the identity of the user to do this. The overhead of this single if statement (even if run 20 times) is pretty much zero.

"Premature optimization is the root of all evil" - learn this, live this.

The "elegant" way to do this would be (pseudocode):

foreach($answers as $answer)
{
    // Print answer here
    if($current_user == $question_asker)
    {
        echo "button form here";
    }
    echo "comment form here";
}
Daniel Bruce
Why use pseudocode when you can use php?
Sneakyness
Because I barely remember PHP (try to avoid it), I don't know the particulars of his output, and I'm lazy :P
Daniel Bruce
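
The two checks the answers describe, as an added PHP example that is not part of the original thread: the accept form is left out of the page for non-askers, and the handler repeats the same ownership check when the form is submitted. The function names, the `/accept` URL and the sample arrays are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for database rows (hypothetical schema).
$questions = [42 => ['asker_id' => 7]];
$answers = [
    501 => ['question_id' => 42, 'body' => 'Check it on the server.'],
    502 => ['question_id' => 42, 'body' => 'Hide it with <b>CSS</b>.'],
];

// True only when a logged-in user is the asker of this question.
function canAcceptAnswer(?int $userId, array $question): bool
{
    return $userId !== null && $userId === $question['asker_id'];
}

// Page rendering: the accept form is emitted for the asker and omitted for everyone else.
function renderAnswer(int $answerId, array $answer, array $question, ?int $userId): string
{
    $html = '<div class="answer">' . htmlspecialchars($answer['body'], ENT_QUOTES, 'UTF-8') . '</div>';
    if (canAcceptAnswer($userId, $question)) {
        $html .= '<form method="post" action="/accept">'
            . '<input type="hidden" name="answer_id" value="' . $answerId . '">'
            . '<button type="submit">Choose as best answer</button></form>';
    }
    return $html;
}

// Form processing: repeat the ownership check, because anyone can send this POST by hand.
// The question is looked up from the answer id; no user or asker id is read from the form.
function handleAccept(array $post, ?int $userId, array $questions, array $answers): int
{
    $answerId = filter_var($post['answer_id'] ?? null, FILTER_VALIDATE_INT);
    if ($answerId === false || !isset($answers[$answerId])) {
        return 404; // malformed or unknown answer id
    }
    $question = $questions[$answers[$answerId]['question_id']];
    if (!canAcceptAnswer($userId, $question)) {
        return 403; // not logged in, or not the asker
    }
    // ... mark $answerId as the accepted answer here ...
    return 200;
}

// In a real application $userId would come from the session, never from the request body.
echo renderAnswer(501, $answers[501], $questions[42], 9), "\n"; // viewer 9 is not the asker
echo renderAnswer(501, $answers[501], $questions[42], 7), "\n"; // viewer 7 is the asker
echo handleAccept(['answer_id' => '501'], 9, $questions, $answers), "\n"; // hand-built POST from user 9
echo handleAccept(['answer_id' => '501'], 7, $questions, $answers), "\n"; // POST from the asker
```

Both the template and the handler call the same `canAcceptAnswer()` function, so the rule for who sees the button and the rule for who may use it cannot drift apart.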