While the client will only display an option to perform certain actions if a user is authorized to do so, for security purposes, it is still vital to ensure that a user is authorized to mutate any data.
Our middleware will ensure that the API is only callable by signed-in users, and there is almost no information that a user should be prevented from viewing. Therefore, we mostly need to protect POST, PATCH, and DELETE routes.
From a high level,
- admins should be able to do anything
- project members and leads should be able to edit information about the projects they are added to
- all users should be able to edit their own personal information, except for modifying their roles
It may be useful to make some helper functions to accomplish all of this.