Authorization
Introduction
Authorization is about granting different levels of access to different principals. For example, if an admin is a superadmin, they must have a higher level of access than a regular admin. There are many ways to implement authorization in an app, and the right one depends on your business requirements. See https://www.osohq.com/post/ten-types-of-authorization for an overview of the common models.
Role Based Access Control
What I implemented is a simple RBAC check; you can see it here in this file. Only a superadmin can modify an admin record, so a request coming from a regular admin is rejected and logged before any update happens. You can reuse this pattern throughout your app.
// RBAC check at the top of the "update admin" route handler (Next.js App Router).
// `request.admin` is the authenticated admin attached earlier by the app's own
// auth layer; `logger` and `correlationId` are the project's own and are assumed
// to be in scope. The check rejects a regular admin and logs the attempt.
import { NextResponse } from 'next/server';

if (request.admin.adminType === 'admin') {
  logger.error('Update Admin', {
    app: 'admin-web',
    correlationId,
    data: JSON.stringify({ admin: request.admin }),
  });
  return NextResponse.json(
    {
      data: null,
      message: `Invalid request`,
      success: false,
    },
    { status: 400 }
  );
}
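As an added example (not the project's code), the same rule expressed as an allow-list of permissions per admin type rather than a single `adminType === 'admin'` test, so that an admin type the check has never heard of is denied instead of let through, and an unauthenticated request is told apart from an unauthorized one. The `adminType` values, the action names, and the plain `{ status, body }` result shape (what you would hand to `NextResponse.json(body, { status })`) are assumptions.

```javascript
// Added example, not the project's code. Assumed admin types 'superadmin' and
// 'admin'; actions are named "<resource>:<verb>". Anything not listed is denied.
const PERMISSIONS = {
  superadmin: new Set(['admin:read', 'admin:update', 'admin:delete', 'user:read', 'user:update']),
  admin: new Set(['admin:read', 'user:read', 'user:update']),
};

// Allow-list lookup: an adminType with no entry, or an action not listed for it,
// is denied. The instanceof guard also rejects inherited keys such as 'constructor'.
function can(admin, action) {
  const allowed = PERMISSIONS[admin?.adminType];
  return allowed instanceof Set && allowed.has(action);
}

// Decide the outcome for one request: 401 when authentication attached no admin
// identity at all, 403 when the identity exists but lacks the permission.
function authorize(admin, action) {
  if (!admin) return { allowed: false, status: 401, message: 'Unauthenticated' };
  if (!can(admin, action)) return { allowed: false, status: 403, message: 'Forbidden' };
  return { allowed: true };
}

// Error result in the same JSON shape the route handler above returns.
function denial(decision) {
  return {
    status: decision.status,
    body: { data: null, message: decision.message, success: false },
  };
}

// Wrap a route handler so the permission check cannot be forgotten per route.
function requirePermission(action, handler) {
  return (request, ctx) => {
    const decision = authorize(request.admin, action);
    return decision.allowed ? handler(request, ctx) : denial(decision);
  };
}

// Constructed sample calls against a stand-in "update admin" handler.
const updateAdmin = requirePermission('admin:update', () => ({
  status: 200,
  body: { data: { updated: true }, message: 'ok', success: true },
}));
console.log(updateAdmin({ admin: { id: 1, adminType: 'superadmin' } }).status); // 200
console.log(updateAdmin({ admin: { id: 2, adminType: 'admin' } }).status);      // 403
console.log(updateAdmin({ admin: { id: 3, adminType: 'auditor' } }).status);    // 403, fail closed
console.log(updateAdmin({}).status);                                            // 401
```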