How to use permissions?

A brief example of how permissions would work in a real-world application.

Overview

It is recommended to read through our permissions documentation before diving into this example.
To demonstrate the use of permissions, let's imagine a web app for the community of Coffee Aficionados, where users can browse coffee beans and basic and premium recipes.

Scenario

  • Everybody can get a list of coffee beans, but only moderators can create and delete new ones (2 scenarios: by role and with Deskree Admin Token).
  • Basic recipes can only be seen and managed by registered users.
  • Private recipes can only be seen and managed by users who have a "premium_member" role.
  • Only moderators can delete recipes.
  • The recipes are private. Therefore, nobody can get a list of them, only by uid.
  • Comments can be seen and managed by registered users.

Solution

Database

For this app, let's have the following database tables:
  • Users (default)
  • coffeeBeans
  • basicRecipes
  • privateRecipes
  • comments

Permissions

/api/v1/rest/collections/coffeebeans

| Method  | Permission          |
|---------|---------------------|
| GET     | Public              |
| GET_UID | Public              |
| POST    | Roles ["moderator"] |
| PATCH   | Author              |
| DELETE  | Author              |

/api/v1/rest/collections/basicrecipes

| Method  | Permission          |
|---------|---------------------|
| GET     | Private             |
| GET_UID | Private             |
| POST    | Private             |
| PATCH   | Author              |
| DELETE  | Roles ["moderator"] |

/api/v1/rest/collections/privaterecipes

| Method  | Permission               |
|---------|--------------------------|
| GET     | Admin                    |
| GET_UID | Author                   |
| POST    | Roles ["premium_member"] |
| PATCH   | Author                   |
| DELETE  | Roles ["moderator"]      |

/api/v1/rest/collections/comments

| Method  | Permission |
|---------|------------|
| GET     | Private    |
| GET_UID | Private    |
| POST    | Private    |
| PATCH   | Author     |
| DELETE  | Author     |

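
The permission settings above can be checked against the scenario with a small local model before they are configured. This is an added example, not Deskree's code: the `Caller` class, the `is_allowed` function and the rule semantics (Public = anyone, Private = any signed-in user, Author = the record's creator, Roles = caller holds a listed role, Admin = Deskree Admin Token only, and the token passing every rule) are assumptions inferred from the scenario list.

```python
# Added example: a local model of the permission settings on this page, not Deskree code.
# Rule semantics are assumptions inferred from the scenario list (see lead-in).
from dataclasses import dataclass, field
from typing import Optional

_SIGNED_IN = {"GET": "Private", "GET_UID": "Private", "POST": "Private", "PATCH": "Author"}
MATRIX = {
    "coffeebeans": {"GET": "Public", "GET_UID": "Public", "POST": ["moderator"],
                    "PATCH": "Author", "DELETE": "Author"},
    "basicrecipes": {**_SIGNED_IN, "DELETE": ["moderator"]},
    "privaterecipes": {"GET": "Admin", "GET_UID": "Author", "POST": ["premium_member"],
                       "PATCH": "Author", "DELETE": ["moderator"]},
    "comments": {**_SIGNED_IN, "DELETE": "Author"},
}

@dataclass
class Caller:
    uid: Optional[str] = None       # None means an unauthenticated request
    roles: set = field(default_factory=set)
    admin_token: bool = False       # request carries the Deskree Admin Token

def is_allowed(collection, method, caller, author_uid=None):
    """Return True if the modelled rule lets `caller` perform `method`."""
    rule = MATRIX.get(collection, {}).get(method)
    if rule is None:
        return False                # unknown collection or method: deny by default
    if caller.admin_token:
        return True                 # assumption: the admin token passes every rule
    if rule == "Public":
        return True
    if caller.uid is None:
        return False                # every remaining rule needs a signed-in user
    if rule == "Private":
        return True
    if rule == "Author":
        return author_uid is not None and caller.uid == author_uid
    if isinstance(rule, list):      # Roles [...]: caller needs one listed role
        return bool(caller.roles & set(rule))
    return False                    # "Admin" rule reached without the token
```

In this model, DELETE on coffeebeans is `Author`, so a moderator can delete only the beans they created themselves; the author of a basic recipe cannot delete it without the moderator role.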
Copyright © 2023 Deskree Technologies Inc.