User Story
As a client, I should be able to see all my orders - but not other users' orders. As an admin / business staff member, I should be able to see all users' orders.
Dev Notes
Suggestion from Nathan:
"as far as the roles portion, you can definitely do that, but it's more complicated. the way I'd suggest doing things like that is having a flag on the users table, and when a request comes in, the first thing you do is query for the user data, and check if the user is an admin, if they are, let them get all orders, or orders from users that aren't them
otherwise return unauthorized, or just give them their data
like if I as a user request an order that isn't mine, I should get an unauthorized or a forbidden response"
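
A sketch of the check described in the suggestion above, added here as an example and not taken from the project's code. The table layout, the `is_admin` column name, the function names and the sample rows are all assumptions, and `requester_id` is assumed to come from an already authenticated session, never from a request parameter.

```python
import sqlite3

def make_db():
    """Constructed sample data: a users table with an is_admin flag, plus orders."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,
                            is_admin INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE orders (id INTEGER PRIMARY KEY,
                             user_id INTEGER NOT NULL REFERENCES users(id), item TEXT);
        INSERT INTO users VALUES (1, 'alice', 0), (2, 'bob', 0), (3, 'staff', 1);
        INSERT INTO orders VALUES (10, 1, 'keyboard'), (11, 1, 'mouse'), (12, 2, 'monitor');
    """)
    return db

def load_user(db, requester_id):
    # First step on every request: read the requester's row, so the role
    # comes from the server-side record and not from anything the client sent.
    return db.execute("SELECT id, is_admin FROM users WHERE id = ?",
                      (requester_id,)).fetchone()

def list_orders(db, requester_id):
    user = load_user(db, requester_id)
    if user is None:
        return 401, None                      # unknown requester
    uid, is_admin = user
    if is_admin:
        rows = db.execute("SELECT id, user_id, item FROM orders ORDER BY id").fetchall()
    else:
        # Scope the query itself to the requester instead of filtering afterwards.
        rows = db.execute("SELECT id, user_id, item FROM orders "
                          "WHERE user_id = ? ORDER BY id", (uid,)).fetchall()
    return 200, rows

def get_order(db, requester_id, order_id):
    user = load_user(db, requester_id)
    if user is None:
        return 401, None
    uid, is_admin = user
    row = db.execute("SELECT id, user_id, item FROM orders WHERE id = ?",
                     (order_id,)).fetchone()
    if row is None:
        return 404, None
    if not is_admin and row[1] != uid:
        return 403, None                      # someone else's order: forbidden
    return 200, row
```

Returning 404 for a missing order and 403 for another user's order tells a client which order ids exist; answering both cases with the same status avoids that.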