sourcefuse / loopback4-starter

Loopback 4 starter application. Multi-tenant architecture supported. Authentication, authorization, soft deletes, environment vars and audit logs included.
MIT License

[Question] [SECURITY] Possible bug, "ownUser" permissions allow for more than own #51

Closed filipef101 closed 3 years ago

filipef101 commented 4 years ago

It seems that the permissions are lacking something, because a user with the role "viewownuser" can view all the users, e.g. an empty query will return all the users and their details. Probably it is the same for UpdateOwnUser, which will be able to update any user.

personwholearn commented 4 years ago

Yes, me too. Also, when I change the .env file to DEFAULT_ROLE=subscriber it totally lacks permissions. I wish there were an update on this issue. I also have 2 problems now: how can I modify or reset the password of users via the API, and also modify the roles API? I don't see any guide for that.

samarpanB commented 4 years ago

Did you assign permissions to specific APIs?

Currently the permissions are structured in a way that they cater to general permissions. For specific cases where id-based checks are needed, that needs to be handled within the API separately. You can also create your own interceptor for such purposes. I'll try to share a sample with you for own-user permission handling.
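One way to do the id-based check the comment above describes, as an added example that is not loopback4-starter's own code: a framework-agnostic TypeScript authorizer that an interceptor or controller could call before hitting the repository. The permission names ViewOwnUser and UpdateOwnUser come from the issue; ViewAnyUser, UpdateAnyUser, the CurrentUser shape and the `where` filter shape are assumptions made for the example.

```typescript
// Added example, not loopback4-starter code. Shapes below are assumed.
interface CurrentUser {
  id: number;
  permissions: string[];
}

// Minimal stand-in for a LoopBack `where` filter on the user model.
interface UserWhere {
  id?: number;
  [field: string]: unknown;
}

type Decision =
  | { allow: true; where: UserWhere }
  | { allow: false; reason: string };

// Decide whether the caller may read users matching `where`, and return the
// filter that should actually be sent to the repository.
// - ViewAnyUser: pass the filter through unchanged.
// - ViewOwnUser only: force `where.id` to the caller's own id, so an empty
//   query (the case reported in the issue) no longer returns every user, and
//   a query for someone else's id is rejected outright.
function authorizeUserRead(user: CurrentUser, where: UserWhere = {}): Decision {
  if (user.permissions.includes('ViewAnyUser')) {
    return { allow: true, where };
  }
  if (user.permissions.includes('ViewOwnUser')) {
    if (where.id !== undefined && where.id !== user.id) {
      return { allow: false, reason: 'ViewOwnUser cannot read other users' };
    }
    return { allow: true, where: { ...where, id: user.id } };
  }
  return { allow: false, reason: 'no user read permission' };
}

// Same idea for updates keyed by a path id (e.g. PATCH /users/{id}):
// UpdateOwnUser is only honoured when the target is the caller.
function authorizeUserUpdate(user: CurrentUser, targetId: number): Decision {
  if (user.permissions.includes('UpdateAnyUser')) {
    return { allow: true, where: { id: targetId } };
  }
  if (user.permissions.includes('UpdateOwnUser') && targetId === user.id) {
    return { allow: true, where: { id: targetId } };
  }
  return { allow: false, reason: 'UpdateOwnUser is limited to the caller' };
}
```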

samarpanB commented 4 years ago

> Yes, me too. Also, when I change the .env file to DEFAULT_ROLE=subscriber it totally lacks permissions. I wish there were an update on this issue. I also have 2 problems now: how can I modify or reset the password of users via the API, and also modify the roles API? I don't see any guide for that.

We have intentionally not added these APIs to the starter kit. We wanted to leave that as an exercise for users. If some are needed, we can add such examples too.

For the role change, please read through the docs. When you add a new role, you also need to provide permissions for it in the DB.

samarpan-b commented 3 years ago

I hope the question is answered here. Let me know if you have further questions or we can close this issue.