Ratnesh-Team / Rehabify

The Path to a Brighter Tomorrow
https://rehabify.ratn.tech
MIT License

Implement Role-Based Access Control for Backend API #39

Closed ratnesh-maurya closed 1 month ago

ratnesh-maurya commented 1 month ago

Description:

We need to implement role-based access control (RBAC) for our backend API. Currently, the API does not enforce permission checks based on user roles. Each API endpoint should verify the user's role (obtained from the bearer token) and execute the endpoint only if the user has the appropriate permissions.

Implementation Reference:

The following code snippet demonstrates the desired role checking mechanism:


        // The role was stored in the gin context by the bearer-token middleware.
        role, exists := c.Get("role")

        // Reject requests with no role and any role outside the known set.
        if !exists || (role != "superadmin" && role != "admin" && role != "user") {
            c.JSON(http.StatusUnauthorized, gin.H{
                "status":  http.StatusUnauthorized,
                "message": "Unauthorized",
                "data":    nil,
            })
            return
        }

Objectives:

  1. Role Extraction: Extract the user role from the bearer token in the context.
  2. Permission Checks: Implement checks in each API endpoint to verify if the user has the required role(s) to execute the operation.
  3. Error Handling: Return appropriate HTTP status codes and messages if the user is unauthorized.
  4. Testing: Ensure that the new role checks are thoroughly tested for all API endpoints.

Requirements:

Acceptance Criteria:
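The objectives above (role extraction from the bearer token, a per-endpoint permission check, and distinct error responses) can be demonstrated end to end with the standard library. The following is an added example written for this issue, not code from the Rehabify repository: it uses net/http instead of gin, stands in a constructed token-to-role table for whatever token verification the project does, and invents the endpoint paths /api/profile and /api/users. It also separates the two failure cases the snippet in the issue folds together: a missing or invalid token gets 401, while a valid token whose role is not on the endpoint's allowlist gets 403.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type ctxKey string

const roleKey ctxKey = "role"

// Constructed token table standing in for the project's bearer-token
// verification (assumption: the real backend validates a signed token and
// derives the role from its claims).
var demoTokens = map[string]string{
	"tok-superadmin": "superadmin",
	"tok-admin":      "admin",
	"tok-user":       "user",
}

// writeJSON mirrors the {status, message, data} envelope used in the issue.
func writeJSON(w http.ResponseWriter, status int, msg string) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	fmt.Fprintf(w, `{"status":%d,"message":%q,"data":null}`, status, msg)
}

// Authenticate resolves the bearer token to a role and stores it in the
// request context (objective 1). Requests without a valid token get 401.
func Authenticate(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const prefix = "Bearer "
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, prefix) {
			writeJSON(w, http.StatusUnauthorized, "Unauthorized")
			return
		}
		role, ok := demoTokens[strings.TrimPrefix(auth, prefix)]
		if !ok {
			writeJSON(w, http.StatusUnauthorized, "Unauthorized")
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), roleKey, role)))
	})
}

// RequireRole is the per-endpoint permission check (objective 2): the wrapped
// handler runs only if the role in the context is on the allowlist. A caller
// that is authenticated but lacks the role gets 403, not 401 (objective 3).
func RequireRole(allowed ...string) func(http.Handler) http.Handler {
	set := make(map[string]bool, len(allowed))
	for _, a := range allowed {
		set[a] = true
	}
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			role, ok := r.Context().Value(roleKey).(string)
			if !ok {
				writeJSON(w, http.StatusUnauthorized, "Unauthorized")
				return
			}
			if !set[role] {
				writeJSON(w, http.StatusForbidden, "Forbidden")
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// NewRouter wires two constructed endpoints with different role requirements.
func NewRouter() http.Handler {
	okHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		writeJSON(w, http.StatusOK, "ok")
	})
	mux := http.NewServeMux()
	mux.Handle("/api/profile", RequireRole("superadmin", "admin", "user")(okHandler))
	mux.Handle("/api/users", RequireRole("superadmin", "admin")(okHandler))
	return Authenticate(mux)
}

// Call sends one in-process request through the router and returns the HTTP
// status, which is what the role-check tests (objective 4) assert on.
func Call(h http.Handler, path, token string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := NewRouter()
	fmt.Println("user  -> /api/users:", Call(h, "/api/users", "tok-user"))  // 403
	fmt.Println("admin -> /api/users:", Call(h, "/api/users", "tok-admin")) // 200
	fmt.Println("no token -> /api/users:", Call(h, "/api/users", ""))       // 401
}
```

Putting the allowlist in the middleware rather than repeating the if-chain inside every handler keeps the policy in one place, so adding a role or an endpoint is a one-line change and a forgotten check is visible as a route with no RequireRole wrapper.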

Charul00 commented 1 month ago

Can you please assign this to me? I am interested in this.

ratnesh-maurya commented 1 month ago

I have assigned one task to you; once you finish that, I can assign you this issue. Thanks.

yasheela-alla commented 1 month ago

Hi @ratnesh-maurya sir! Could you please assign this issue to me?

ratnesh-maurya commented 1 month ago

Sure, go ahead.

ratnesh-maurya commented 1 month ago

@yasheela-alla, what .env variables are you using? I think the error you mentioned was due to "SALT"; use this as the env variable:

SALT = "E_SALA_CUP_NAMDE"

yasheela-alla commented 1 month ago

[image attachment] Still seeing the error 404.

ratnesh-maurya commented 1 month ago

48