[be] Only owned articles can be updated or deleted

dxps / fullstack-rust-axum-dioxus-rwa

A RealWorld app implementation as a fullstack Rust project using Axum (back-end) and Dioxus (front-end).

MIT License

80 stars 6 forks source link

Closed dxps closed 1 year ago

dxps commented 1 year ago

AS-IS Currently, the authorization is all or nothing: any authenticated user can update or delete any article (besides creating one, of course).

TO-BE Only the user that is the author of (aka own) an article can update or delete it.