Authorization

Introduction

Authorization is about levels of access: once a caller has been authenticated, authorization decides what that caller is allowed to do. For example, a superadmin must have a higher level of access than a regular admin. There are many ways to implement authorization in an app, and which one fits depends on your business requirements. Check here if you're interested: https://www.osohq.com/post/ten-types-of-authorization

Role Based Access Control

The way I implemented it is a simple RBAC; you can see it in the file below. Only a superadmin can modify an admin record. You can use this pattern throughout your app. Two things to keep in mind when reusing it: the condition is a deny-list on the 'admin' type rather than an allow-list for 'superadmin', so if another admin type is ever added it will pass this check unless the condition is updated; and the log line serializes the whole request.admin object, so prefer logging only the identifier fields you need. Returning 403 Forbidden instead of 400 would also describe the failure more precisely.

/admin-web/.../api/admins/[id]/route.ts
  // RBAC: only a superadmin may update an admin record.
  // request.admin is assumed to have been attached by the authentication
  // layer before this handler runs; adminType is the caller's role.
  if (request.admin.adminType === 'admin') {
    // Denied: record the attempt so it can be correlated with the request.
    logger.error('Update Admin', {
      app: 'admin-web',
      correlationId,
      data: JSON.stringify({ admin: request.admin }),
    });

    // The authorization failure is reported as a generic 400 with no detail.
    return NextResponse.json(
      {
        data: null,
        message: `Invalid request`,
        success: false,
      },
      { status: 400 }
    );
  }
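The same guard written as an allow-list, as an added example that is not the project's own code. It keeps the route's response shape but drops the Next.js dependency so it runs offline; the AdminType union, the Action names, the PERMISSIONS table, the Decision type and the handleUpdateAdmin function are all assumptions made for this illustration, not identifiers from the project.

```typescript
// Added example (not the project's code): allow-list RBAC for the
// admin-update route pattern. All names below are assumed for illustration.

type AdminType = 'superadmin' | 'admin';
type Action = 'admin:read' | 'admin:update' | 'admin:delete';

interface Actor {
  id: string;
  adminType: AdminType;
}

// Allow-list: a role is granted exactly the actions listed here and nothing
// else. A role that is added later but not listed gets no permissions,
// instead of silently passing a deny-list check written for one role.
const PERMISSIONS: Readonly<Record<AdminType, ReadonlySet<Action>>> = {
  superadmin: new Set<Action>(['admin:read', 'admin:update', 'admin:delete']),
  admin: new Set<Action>(['admin:read']),
};

interface Decision {
  allowed: boolean;
  status: 200 | 401 | 403;
  message: string;
}

// Central decision point: unauthenticated callers get 401, authenticated
// callers without the action get 403. Callers never learn which role is needed.
export function authorize(actor: Actor | undefined, action: Action): Decision {
  if (!actor) {
    return { allowed: false, status: 401, message: 'Authentication required' };
  }
  // The explicit `| undefined` covers roles that are missing from the table.
  const granted = PERMISSIONS[actor.adminType] as ReadonlySet<Action> | undefined;
  if (!granted || !granted.has(action)) {
    return { allowed: false, status: 403, message: 'Forbidden' };
  }
  return { allowed: true, status: 200, message: 'OK' };
}

interface JsonResponse {
  status: number;
  body: { data: unknown; message: string; success: boolean };
}

// Mirrors the route's { data, message, success } response without NextResponse.
// `log` stands in for the project's logger so the example is self-contained.
export function handleUpdateAdmin(
  actor: Actor | undefined,
  targetId: string,
  patch: Record<string, unknown>,
  log: string[] = []
): JsonResponse {
  const decision = authorize(actor, 'admin:update');
  if (!decision.allowed) {
    // Log the identity and the denied action, not the whole actor object.
    log.push(
      `Update Admin denied actor=${actor?.id ?? 'anonymous'} ` +
        `action=admin:update target=${targetId}`
    );
    return {
      status: decision.status,
      body: { data: null, message: decision.message, success: false },
    };
  }
  // Authorized: the update itself is out of scope here, so echo the merged record.
  return {
    status: 200,
    body: { data: { id: targetId, ...patch }, message: 'Updated', success: true },
  };
}
```

Because every route calls authorize with a named action, adding a third admin type means adding one row to PERMISSIONS rather than auditing each `adminType === '...'` comparison in the codebase.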
