Separate Controller for Admin Panel in REST API

Time:10-23

I'm currently working on a REST API using Spring Boot. Let's say I have a product service with basic functionality in a controller. There are two user roles: normal user and admin.

example: addProduct, getProduct, updateProduct, deleteProduct

Users can only access the getProduct endpoint, and admins can access all endpoints.

Which approach is better?

first approach:

api/v1/products/ -> do all get, post, delete, patch

second approach:

api/v1/products/admin -> get, post, delete, patch

api/v1/products -> get

CodePudding user response:

I suggest using Role-Based Access Control (RBAC), wherein each user has a role, and each role has permissions, e.g. get_post, delete_post, and so on. As your application gets bigger in scope, you can have fewer routes this way.

Example situation: if a user posts a resource on api/v1/products, the system will check if the user has a "create_product" permission. If he has no access, then your API should return 401 unauthorized.
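The permission-per-endpoint layout the answer describes, written out as an added example (this is not code from the question or the answer). It keeps a single `/api/v1/products` controller and lets Spring Security's method security decide per operation, so there is no separate admin route to keep in sync. Assumptions: Spring Boot 3 with Spring Security 6, two constructed in-memory users (`alice` with read only, `admin` with all four permissions), and an in-memory `Map` standing in for a real product repository; the permission names are the ones the answer suggests.

```java
package com.example.products;

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.server.ResponseStatusException;

@Configuration
@EnableMethodSecurity // turns on @PreAuthorize evaluation on controller methods
class SecurityConfig {

    // Role -> permission mapping kept in one place. Authorities carry the
    // fine-grained permissions, so the controller never checks role names.
    static final String[] USER_PERMS  = {"read_product"};
    static final String[] ADMIN_PERMS = {"read_product", "create_product",
                                         "update_product", "delete_product"};

    @Bean
    UserDetailsService users() {
        // Constructed sample users (assumption); a real service loads these
        // from its user store and hashes passwords instead of using {noop}.
        return new InMemoryUserDetailsManager(
            User.withUsername("alice").password("{noop}alice-pw").authorities(USER_PERMS).build(),
            User.withUsername("admin").password("{noop}admin-pw").authorities(ADMIN_PERMS).build());
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated()) // deny anonymous by default
            .httpBasic(Customizer.withDefaults())
            .csrf(csrf -> csrf.disable()); // stateless token/basic API: no browser session to protect
        return http.build();
    }
}

@RestController
@RequestMapping("/api/v1/products")
class ProductController {

    private final Map<Long, String> products = new ConcurrentHashMap<>(); // stand-in repository (assumption)
    private final AtomicLong ids = new AtomicLong();

    @GetMapping("/{id}")
    @PreAuthorize("hasAuthority('read_product')")       // both roles hold this permission
    String getProduct(@PathVariable long id) {
        String name = products.get(id);
        if (name == null) throw new ResponseStatusException(HttpStatus.NOT_FOUND);
        return name;
    }

    @PostMapping
    @ResponseStatus(HttpStatus.CREATED)
    @PreAuthorize("hasAuthority('create_product')")     // admin only
    long addProduct(@RequestBody String name) {
        long id = ids.incrementAndGet();
        products.put(id, name);
        return id;
    }

    @PatchMapping("/{id}")
    @PreAuthorize("hasAuthority('update_product')")     // admin only
    void updateProduct(@PathVariable long id, @RequestBody String name) {
        if (products.replace(id, name) == null) throw new ResponseStatusException(HttpStatus.NOT_FOUND);
    }

    @DeleteMapping("/{id}")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PreAuthorize("hasAuthority('delete_product')")     // admin only
    void deleteProduct(@PathVariable long id) {
        if (products.remove(id) == null) throw new ResponseStatusException(HttpStatus.NOT_FOUND);
    }
}
```

With this setup a request with no credentials is rejected by the filter chain with 401, while an authenticated `alice` calling `POST /api/v1/products` fails the `@PreAuthorize` check and receives 403 Forbidden, which is the status Spring Security uses for an authenticated principal that lacks the required authority. Adding a new permission later means adding one authority string and one annotation, not a new route.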
