![]() ![]() We can take advantage of JSON Server custom routes feature to setup resource permissions ahead. Of course, you don't want to directly use guarded routes in your requests. Logged-in user with id: 1 does the following requests :.Public user (not logged-in) does the following requests :.User must own the resource to read the resource. User must own the resource to write or read the resource. User must be logged to read the resource. User must own the resource to write the resource. User must be logged to write or read the resource. User must be logged to write the resource. Guarded routes exist at the root and can restrict access to any resource you put after them : Route Private guarded routes will use the JWT sub claim (which equals the user id) to check if the user actually owns the requested resource, by comparing sub with the userId property.Įxcept for the actual users collection, where the JWT sub claim must match the id property. The resource owner □Ī user is the owner of a resource if that resource has a userId property that matches his id property. Third digit are the permissions for the public users.įor example, 640 means that only the owner can write the resource, logged-in users can read the resource, and public users cannot access the resource at all.Second digit are the permissions for the logged-in users. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |