Considering SharePoint development is mostly moving to the client side, with JSOM and the REST API exposed. Even in the recent announcement we have the SharePoint Framework, based on the client side.
With this I am assuming MS really wants us developers to develop solutions based on client technology.
So I want my client application to create/edit items in a list through the front end, so I must provide Contribute access to all the users. However, if this is a little confidential, e.g. leave requests or reimbursement requests, I still have to provide users Contribute access.
For a moment I thought maybe we could have an app-only policy and control this with permissions, but again, SharePoint-hosted apps do not support app-only policy.
I would like to know what the best way is to handle such scenarios, i.e. to have a complete client-based solution and handle the security as well. I understand we can write server-side code etc. the old traditional way and run with elevated privileges, but I'm really interested in client-based applications.
From what I have seen I don't think you really can, which is a shame since the framework seems very promising. Not being able to elevate privileges will limit what we can use it for unless Microsoft have something up their sleeve. There are always server-side parts, but they have disadvantages, and don't (yet) work on modern pages from what I've read.