How to limit the rights to edit posts?
In general, the question is this: I want to restrict access to editing records in the database, allowing editing only for the users who created them and for the admin.
I myself only thought of getting the name of the current user and checking whether this is his entry or whether he is an admin.
Maybe there are some more correct solutions?
Good afternoon!
You need to add entities like Role & Privilege.
Roles - ADMIN, USER, etc.
Privileges - READ_PRIVILEGE, WRITE_PRIVILEGE, etc.
Link - https://www.baeldung.com/role-and-privilege-for-sp...
And then the logic of the work is as follows:
If the user is an administrator, then most likely he should have all the necessary privileges. If it is a user, the entry was created by him, and he has, for example, EDIT_PRIVILEGE, then he can edit the entry. If, for example, you have a moderator role, then he will have EDIT_PRIVILEGE even if he is not the owner of the post, etc. Further logic is built based on your needs.
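
The decision logic described in the answer above, as an added example in plain Java with no framework; it is not part of the original answer. The `EDIT_ANY_PRIVILEGE` name, the `GUEST` role, the role-to-privilege table and the `User`/`Post` records are assumptions made for illustration, and ownership is compared by user id.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

public class EditAccessDemo {
    enum Role { ADMIN, MODERATOR, USER, GUEST }

    // EDIT_ANY_PRIVILEGE is a hypothetical name introduced for this example.
    enum Privilege { READ_PRIVILEGE, EDIT_PRIVILEGE, EDIT_ANY_PRIVILEGE }

    // Role-to-privilege table, constructed for illustration.
    static final Map<Role, Set<Privilege>> GRANTS = Map.of(
        Role.ADMIN, EnumSet.allOf(Privilege.class),
        Role.MODERATOR, EnumSet.of(Privilege.READ_PRIVILEGE,
            Privilege.EDIT_PRIVILEGE, Privilege.EDIT_ANY_PRIVILEGE),
        Role.USER, EnumSet.of(Privilege.READ_PRIVILEGE, Privilege.EDIT_PRIVILEGE),
        Role.GUEST, EnumSet.of(Privilege.READ_PRIVILEGE));

    record User(long id, Role role) {}
    record Post(long id, long ownerId) {}

    // Deny by default; the post must be the record loaded from the database,
    // never an owner id supplied by the client.
    static boolean canEdit(User user, Post post) {
        if (user == null || user.role() == null || post == null) return false;
        Set<Privilege> privs = GRANTS.getOrDefault(user.role(), Set.of());
        if (privs.contains(Privilege.EDIT_ANY_PRIVILEGE)) return true;
        return privs.contains(Privilege.EDIT_PRIVILEGE) && post.ownerId() == user.id();
    }

    public static void main(String[] args) {
        Post post = new Post(10L, 1L); // constructed sample: post 10 owned by user 1
        User[] callers = {
            new User(1L, Role.USER), new User(2L, Role.USER),
            new User(3L, Role.MODERATOR), new User(4L, Role.ADMIN),
            new User(1L, Role.GUEST)
        };
        for (User u : callers) {
            System.out.printf("user %d (%s) may edit post %d: %b%n",
                u.id(), u.role(), post.id(), canEdit(u, post));
        }
    }
}
```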