qhantom / express-mongo-typescript-boilerplate

A production-ready boilerplate based on Node.js, Express and MongoDB (using Mongoose ODM) written in TypeScript. It gets you up and running very fast to quickly build RESTful APIs.
MIT License

More fine-grained permissions / ownership concept #7

Open muety opened 2 years ago

muety commented 2 years ago

It might be helpful to either introduce some notion of "owning" an entity or make rights more fine-grained.

For instance, to access the GET /v1/users/:id endpoint, a user requires the USER_READ right. However, this only distinguishes between being able to either read all users or none at all. Instead, it might be useful to be able to access that endpoint (same for DELETE, PUT, ...) for oneself only, but not for others, i.e. read, edit, delete, ... my own account only.
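One way to express the "own account only" rule described in this issue, as an added example that is not part of the issue or of the boilerplate's code. All names (`Right`, `AuthUser`, `requireRightOrSelf`, `simulate`) are hypothetical, `Req`/`Res` are minimal stand-ins for the Express types, and it assumes the authentication layer sets `req.user` and that ids are compared as strings.

```typescript
// Added example. All names here (Right, AuthUser, requireRightOrSelf, simulate)
// are hypothetical; Req/Res are minimal stand-ins for Express's types.
type Right = "USER_READ" | "USER_UPDATE" | "USER_DELETE";
interface AuthUser { id: string; rights: Right[] }
interface Req { params: { [key: string]: string | undefined }; user?: AuthUser | undefined }
interface Res { status(code: number): Res; json(body: unknown): Res }

// Pass when the caller holds the global right, or when the :id route
// parameter names the caller's own account.
function requireRightOrSelf(right: Right, idParam: string = "id") {
  return (req: Req, res: Res, next: () => void): void => {
    const user = req.user; // assumed to be set by the authentication layer
    if (!user) { res.status(401).json({ message: "Unauthenticated" }); return; }
    if (user.rights.indexOf(right) !== -1) { next(); return; }
    // Ownership check: compare the route id with the authenticated identity
    // only, never with an id taken from the request body or query string.
    const target = req.params[idParam];
    if (typeof target === "string" && target !== "" && target === user.id) { next(); return; }
    res.status(403).json({ message: "Forbidden" });
  };
}

// Runs the middleware against a stub response; returns the status it would
// send, or 200 if the request is passed on to the route handler.
function simulate(user: AuthUser | undefined, id: string, right: Right): number {
  let code = 200;
  const res: Res = {
    status(c: number): Res { code = c; return res; },
    json(_body: unknown): Res { return res; },
  };
  requireRightOrSelf(right)({ params: { id }, user }, res, () => { code = 200; });
  return code;
}

// Constructed sample identities: one user without rights, one with USER_READ.
const alice: AuthUser = { id: "u-alice", rights: [] };
const admin: AuthUser = { id: "u-admin", rights: ["USER_READ"] };
console.log("alice reads own account:", simulate(alice, "u-alice", "USER_READ"));
console.log("alice reads admin account:", simulate(alice, "u-admin", "USER_READ"));
console.log("admin reads alice account:", simulate(admin, "u-alice", "USER_READ"));
```

In a route definition this would take the place of a plain right check on `GET`, `PUT` and `DELETE /v1/users/:id`, with the matching right passed for each verb.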