Tuesday 26 September 2017

Problem: Same Api endpoint different authorization levels

Hi, I've been stuck on this problem for a while. API endpoints (the same API endpoints) should have different authorization levels depending on what resource the user is trying to access (different parameters).

One customer doesn't want any form of login or user registration, so I can't do a "joint accessRights table" (MariaDB) between the resource and a user, because in some cases there is no logged-in user. I can't make a sharp distinction by customer either, because the same customer might want different authorization levels on different types of products that they are supplying.

The "best" solution I've thought of is to add an attribute to all affected tables that tells what authorizationLevel that specific resource requires, but it feels messy, even more so when I start thinking about how to implement it code-wise. Is there anyone who has implemented something similar before, or knows of a good article or programming pattern that I can use to solve this?

Submitted September 26, 2017 at 07:18PM by Archheretic
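One way to make the "required level on the resource row" approach less messy is to keep a single decision function that every endpoint calls after fetching the row, with anonymous callers modelled as a principal at the lowest level rather than as a missing user. The block below is an added example written for this page; it is not the poster's code or any project's reference implementation. It stands in an in-memory SQLite database for the poster's MariaDB tables, and the table name (`product`), the column names (`required_level`, `customer_id`), the level names and the handler names are all assumptions chosen for the example.

```python
"""Added example (not the poster's code): one endpoint, per-resource
authorization level, anonymous callers allowed wherever the row permits.

SQLite stands in for MariaDB; table, column and level names are assumptions.
"""
import sqlite3
from dataclasses import dataclass
from typing import Optional

# Ordered access levels. A caller may read a row whose required_level is
# <= the caller's level. Names are assumptions for this example.
PUBLIC, CUSTOMER, SUPPLIER_ADMIN = 0, 1, 2
KNOWN_LEVELS = {PUBLIC, CUSTOMER, SUPPLIER_ADMIN}


@dataclass(frozen=True)
class Principal:
    """Who is calling. An anonymous caller is a Principal too: level PUBLIC,
    no customer. That removes the 'is there a user at all?' branches."""
    level: int = PUBLIC
    customer_id: Optional[int] = None


ANONYMOUS = Principal()


class Forbidden(Exception):
    """Raised for both 'not allowed' and 'does not exist' (see get_product)."""


def open_db() -> sqlite3.Connection:
    """Create the (assumed) product table and load constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(
        """CREATE TABLE product (
               id             INTEGER PRIMARY KEY,
               customer_id    INTEGER NOT NULL,
               name           TEXT    NOT NULL,
               required_level INTEGER NOT NULL CHECK (required_level IN (0, 1, 2))
           )"""
    )
    # Constructed sample data: customer 1 exposes a catalogue item publicly
    # but restricts its price list; customer 2 wants no login at all.
    db.executemany(
        "INSERT INTO product VALUES (?, ?, ?, ?)",
        [
            (1, 1, "catalogue item", PUBLIC),
            (2, 1, "price list", CUSTOMER),
            (3, 1, "supplier-only sheet", SUPPLIER_ADMIN),
            (4, 2, "no-login customer item", PUBLIC),
        ],
    )
    return db


def authorize(principal: Principal, row: Optional[sqlite3.Row]) -> bool:
    """The single decision point. Fails closed: no row, or an unexpected
    level value, is a deny. Public rows need nothing; anything above PUBLIC
    needs a sufficient level AND membership in the owning customer, so a
    logged-in user of customer 2 cannot read customer 1's restricted rows."""
    if row is None:
        return False
    required = row["required_level"]
    if required not in KNOWN_LEVELS:
        return False
    if required == PUBLIC:
        return True
    return (
        principal.level >= required
        and principal.customer_id is not None
        and principal.customer_id == row["customer_id"]
    )


def get_product(db: sqlite3.Connection, principal: Principal, product_id: int) -> dict:
    """The one endpoint handler: fetch the row, then ask authorize().
    Missing and forbidden raise the same exception so the response does not
    reveal whether an id exists to callers who may not see it."""
    row = db.execute(
        "SELECT id, customer_id, name, required_level FROM product WHERE id = ?",
        (product_id,),
    ).fetchone()
    if not authorize(principal, row):
        raise Forbidden(f"product {product_id}")
    return {"id": row["id"], "name": row["name"]}


def can_read(db: sqlite3.Connection, principal: Principal, product_id: int) -> bool:
    """Convenience wrapper used by the checks below: True if the caller may
    read the row, False if get_product() would refuse."""
    try:
        get_product(db, principal, product_id)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    conn = open_db()
    print("anonymous, public row:      ", can_read(conn, ANONYMOUS, 1))
    print("anonymous, customer row:    ", can_read(conn, ANONYMOUS, 2))
    print("customer 1, own price list: ", can_read(conn, Principal(CUSTOMER, 1), 2))
    print("customer 2, other's list:   ", can_read(conn, Principal(CUSTOMER, 2), 2))
```

The endpoint never branches on "is anyone logged in"; that question is answered once, when the request is mapped to a `Principal`. The required level travels with the row, which is what lets one customer set different levels on different product types, and `authorize()` is the only place that reads it, so the rule can later be changed (or replaced by a per-row rights table for customers who do want logins) without touching the handlers. The two caveats worth keeping whatever the scheme: deny when the row or its level is missing rather than defaulting to open, and return the same error for "forbidden" and "not found" so an anonymous caller cannot enumerate ids.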
