Considering SharePoint development is mostly moving to the client side, with JSOM and the REST API exposed. Even in a recent announcement we have the SharePoint Framework, based on the client side.
With this, I am assuming MS really wants us developers to develop solutions based on client technology.
So I want my client application to create/edit items in a list through the front end, so I must provide Contribute access to all the users. However, if this is a little confidential, e.g. leave requests or reimbursement requests, I still have to provide users Contribute access.
For a moment I thought maybe we could have an app-only policy and control this with permissions, but again, SharePoint-hosted apps do not support app-only policy.
I would like to know what the best way is to handle such scenarios, i.e. to have a completely client-based solution and handle the security as well. I understand we can write server-side code etc. the old traditional way, run with elevated privileges, but I'm really interested in client-based applications.
NOTE: I had posted this at http://sharepoint.stackexchange.com/questions/191274/how-to-make-client-application-secure-in-sharep... ; we discussed the obvious, and I just want to check if we have some suggestions from this community.