How to use permissions?
A brief example of how permissions would work in a real-world application.
Overview
It is recommended to read through our permissions documentation before diving into this example.
To demonstrate the use of permissions, let's imagine a web app for a community of coffee aficionados, where users can browse coffee beans and both basic and premium recipes.
Scenario
Everybody can get a list of coffee beans, but only moderators can create new ones and delete them (two scenarios: by role, or with the Deskree Admin Token).
Basic recipes can only be seen and managed by registered users.
Private recipes can only be seen and managed by users who have a "premium_member" role.
Only moderators can delete recipes.
Since these recipes are private, nobody can get a list of them; a recipe can only be fetched individually by its uid.
Comments can be seen and managed by registered users.
Solution
Database
For this app, let's use the following database tables:
Users (default)
coffeeBeans
basicRecipes
privateRecipes
comments
Permissions
Each endpoint below lists, per HTTP method, the permission level that applies to it.

/api/v1/rest/collections/coffeebeans
    GET       Public
    GET_UID   Public
    POST      Roles ["moderator"]
    PATCH     Author
    DELETE    Author

/api/v1/rest/collections/basicrecipes
    GET       Private
    GET_UID   Private
    POST      Private
    PATCH     Author
    DELETE    Roles ["moderator"]

/api/v1/rest/collections/privaterecipes
    GET       Admin
    GET_UID   Author
    POST      Roles ["premium_member"]
    PATCH     Author
    DELETE    Roles ["moderator"]

/api/v1/rest/collections/comments
    GET       Private
    GET_UID   Private
    POST      Private
    PATCH     Author
    DELETE    Author
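To check that the table above actually enforces the scenario, here is an added example (not Deskree's own code) of a deny-by-default evaluator for that table. It assumes the following meaning for each level: Public is anyone, Private is any signed-in user, Author is only the record's creator (assumed field `author`), Roles requires one of the listed roles, and Admin (or any endpoint, as the Admin Token scenario suggests) is satisfied only by a request carrying the Deskree Admin Token.

```javascript
// Added example: evaluator for the permission table on this page.
// Not Deskree's implementation; level semantics are assumed as stated in the lead-in.
const POLICY = {
  coffeebeans:    { GET: "Public",  GET_UID: "Public",  POST: ["moderator"],      PATCH: "Author", DELETE: "Author" },
  basicrecipes:   { GET: "Private", GET_UID: "Private", POST: "Private",          PATCH: "Author", DELETE: ["moderator"] },
  privaterecipes: { GET: "Admin",   GET_UID: "Author",  POST: ["premium_member"], PATCH: "Author", DELETE: ["moderator"] },
  comments:       { GET: "Private", GET_UID: "Private", POST: "Private",          PATCH: "Author", DELETE: "Author" },
};

// Deny by default: an unknown collection, method or level is refused.
// `user` is null for anonymous callers; `record` is the target row for
// GET_UID/PATCH/DELETE; `isAdminToken` marks a request with the Admin Token.
function isAllowed(collection, method, user, record, isAdminToken = false) {
  if (isAdminToken) return true; // assumed: the Admin Token satisfies every level
  const level = POLICY[collection] && POLICY[collection][method];
  if (level === undefined) return false;
  if (Array.isArray(level)) {
    // Roles [...]: caller must be signed in and hold at least one listed role
    return !!user && level.some((role) => (user.roles || []).includes(role));
  }
  switch (level) {
    case "Public":  return true;
    case "Private": return !!user;
    case "Author":  return !!user && !!record && record.author === user.uid;
    case "Admin":   return false; // only an Admin Token request reaches this level
    default:        return false;
  }
}

// Constructed sample data for a quick walk-through of the scenario.
const guest = null;
const alice = { uid: "u1", roles: [] };
const bob = { uid: "u2", roles: ["premium_member"] };
const mod = { uid: "u3", roles: ["moderator"] };
const bobsRecipe = { id: "r1", author: "u2" };

console.log(isAllowed("coffeebeans", "GET", guest));                 // true
console.log(isAllowed("privaterecipes", "POST", alice));             // false
console.log(isAllowed("privaterecipes", "GET_UID", bob, bobsRecipe)); // true
console.log(isAllowed("privaterecipes", "GET", mod));                // false
console.log(isAllowed("basicrecipes", "DELETE", mod, bobsRecipe));   // true
```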