Adding Permissions
Understand the concepts of authentication and authorization and add custom permissions for managing user access and actions in the project.
If authentication is the action of verifying the identity of a user, authorization is simply the action of checking whether the user has the rights or privileges to perform an action.
In our project, we have three types of users:
The anonymous user: This user has no account on the API and can’t really be identified.
The registered and active user: This user has an account on the API and can easily perform some actions.
The admin user: This user has all rights and privileges.
We want anonymous users to be able to read the posts on the API without necessarily being authenticated. While it’s true that there is the AllowAny permission, it’ll surely conflict with the IsAuthenticated permission.
Writing permissions
Therefore, we need to write a custom permission.
Inside the authentication directory, create a file called permissions and add the following content:
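One way to write such a permission, as an added example rather than the course's own file: it maps the three user types above onto HTTP methods. The class name `UserPermission`, the `MEMBER_METHODS` split (DELETE reserved for admins) and the `check` helper are assumptions made for illustration.

```python
from types import SimpleNamespace

try:  # use the real base class when Django REST Framework is importable
    from rest_framework.permissions import SAFE_METHODS, BasePermission
except Exception:  # stand-ins so this sketch also runs without DRF installed
    SAFE_METHODS = ("GET", "HEAD", "OPTIONS")

    class BasePermission:
        pass

# Assumption: regular accounts may create and edit; DELETE is admin-only.
MEMBER_METHODS = ("POST", "PUT", "PATCH")


class UserPermission(BasePermission):  # hypothetical class name
    """Anonymous users read, active users write, admins do everything."""

    def _allowed(self, request):
        if request.method in SAFE_METHODS:
            return True  # read-only requests need no identity
        user = request.user
        if not (user and user.is_authenticated and user.is_active):
            return False  # anonymous or deactivated: no state changes
        if user.is_superuser:
            return True
        return request.method in MEMBER_METHODS  # anything else is denied

    def has_permission(self, request, view):
        # View-level gate: runs on every request, including list and create.
        return self._allowed(request)

    def has_object_permission(self, request, view, obj):
        # Object-level gate: DRF calls this from get_object() on detail routes.
        return self._allowed(request)


def check(method, **flags):
    """Evaluate the permission for a constructed request (demo helper)."""
    user = SimpleNamespace(is_authenticated=False, is_active=False,
                           is_superuser=False)
    user.__dict__.update(flags)
    request = SimpleNamespace(method=method, user=user)
    return UserPermission().has_permission(request, view=None)
```

In a project, the class would be listed in a view's `permission_classes`; `check` exists only to exercise the logic with constructed requests.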