bounswe / bounswe2024group11

The proof of work and the product from the 2024G11
https://bounswe.github.io/bounswe2024group11/

Add authorization rules and unique constraints for Like, Bookmark, and Follow ViewSets #457

Open Meminseeker opened 3 months ago

Meminseeker commented 3 months ago

🧱 Description

There are some endpoints that should be reachable by unauthenticated users, while some should be accessible only by authenticated users. For the latter, being an authenticated user is not sufficient to perform a certain action. The user should own the related entity.

E.g., a user can delete a post if and only if he is the owner of the post. Any user can search through the posts.

Implement a proper permission policy for the Like, Bookmark, and Follow ViewSets.

📋 Acceptance Criteria