How to use permissions?
A brief example of how permissions would work in a real-world application.
To demonstrate the use of permissions, let's imagine a web app for the community of Coffee Aficionados, where users can browse coffee beans and basic and premium recipes.
- Everybody can get a list of coffee beans, but only moderators can create and delete new ones (2 scenarios: by role and with Deskree Admin Token).
- Basic recipes can only be seen and managed by registered users.
- Private recipes can only be seen and managed by users who have a "premium_member" role.
- Only moderators can delete recipes.
- Private recipes cannot be listed. Nobody can get a list of them; they can only be fetched one at a time by uid.
- Comments can be seen and managed by registered users.
For this app, let's have the following database tables:
- Users (default)
- coffeeBeans
- basicRecipes
- privateRecipes
- comments
/api/v1/rest/collections/coffeebeans

| Method | Permission |
|---|---|
| GET | Public |
| GET_UID | Public |
| POST | Roles ["moderator"] |
| PATCH | Author |
| DELETE | Author |
/api/v1/rest/collections/basicrecipes

| Method | Permission |
|---|---|
| GET | Private |
| GET_UID | Private |
| POST | Private |
| PATCH | Author |
| DELETE | Roles ["moderator"] |
/api/v1/rest/collections/privaterecipes

| Method | Permission |
|---|---|
| GET | Admin |
| GET_UID | Author |
| POST | Roles ["premium_member"] |
| PATCH | Author |
| DELETE | Roles ["moderator"] |
/api/v1/rest/collections/comments

| Method | Permission |
|---|---|
| GET | Private |
| GET_UID | Private |
| POST | Private |
| PATCH | Author |
| DELETE | Author |
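To check that the four tables above really express the scenario rules, here is an added example (not Deskree's own code) that encodes the matrix and evaluates a request against it. It assumes the following meaning for each permission level, taken from the scenario text rather than from Deskree's implementation: Public allows anyone, Private allows any signed-in user, Author allows only the record's creator, Roles allows a user holding one of the listed roles, Admin allows only a request carrying the Admin Token, and the Admin Token passes every rule (as in the "2 scenarios" for creating coffee beans).

```javascript
// Added example: local evaluator for the permission matrix in this tutorial.
// Assumption: each level maps to the check described in the lead-in above.
const PERMISSIONS = {
  coffeebeans:    { GET: "Public",  GET_UID: "Public",  POST: { roles: ["moderator"] },      PATCH: "Author", DELETE: "Author" },
  basicrecipes:   { GET: "Private", GET_UID: "Private", POST: "Private",                     PATCH: "Author", DELETE: { roles: ["moderator"] } },
  privaterecipes: { GET: "Admin",   GET_UID: "Author",  POST: { roles: ["premium_member"] }, PATCH: "Author", DELETE: { roles: ["moderator"] } },
  comments:       { GET: "Private", GET_UID: "Private", POST: "Private",                     PATCH: "Author", DELETE: "Author" },
};

// caller: { uid, roles, adminToken } for a signed-in request, or null when anonymous.
// record: the stored object (with an `author` uid) for GET_UID, PATCH and DELETE.
function isAllowed(collection, method, caller, record) {
  const rule = PERMISSIONS[collection]?.[method];
  if (rule === undefined) return false;                 // deny by default: unknown collection/method
  if (caller?.adminToken === true) return true;         // assumed: Admin Token satisfies every rule
  if (rule === "Public") return true;                   // anyone, including anonymous callers
  if (!caller?.uid) return false;                       // every remaining level needs a signed-in user
  if (rule === "Private") return true;                  // any registered user
  if (rule === "Author") return record?.author === caller.uid;
  if (rule === "Admin") return false;                   // only the Admin Token (handled above) passes
  if (Array.isArray(rule.roles)) {                      // Roles [...]: caller must hold at least one
    return rule.roles.some((r) => (caller.roles ?? []).includes(r));
  }
  return false;
}

// Constructed sample calls walking the scenario bullets.
const premium = { uid: "u-premium", roles: ["premium_member"] };
const moderator = { uid: "u-mod", roles: ["moderator"] };
console.log(isAllowed("coffeebeans", "GET", null));                               // true: public listing
console.log(isAllowed("coffeebeans", "POST", premium));                           // false: not a moderator
console.log(isAllowed("coffeebeans", "POST", moderator));                         // true: by role
console.log(isAllowed("coffeebeans", "POST", { adminToken: true }));              // true: Admin Token
console.log(isAllowed("privaterecipes", "GET", premium));                         // false: no listing
console.log(isAllowed("privaterecipes", "GET_UID", premium, { author: "u-premium" })); // true: own record
```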