Different endpoints for different permissions
HomaDev opened this issue
Hi!
Do I have different endpoints for users with different permissions?
1 endpoint for each level of permissions?
Do you have best practices about what to put, and what not to put, in permission classes?
@HomaDev Hello 👋
Permissions are usually connected to the domain / business layer and you can handle them in the services.
Generally speaking, we differentiate between permissions like that:
- Framework related permissions - "Is the user authenticated" - this is usually handled on the API level.
- Business level permissions - "Can this particular user do this particular action?" - this is usually handled on the service layer.
- Now, if you have a more simplified case, where, for example, you have normal users & admin users & all admin users can do the same stuff, you can handle that straight on the API layer. I'd create an `AdminApi` base class, which I'll inherit at every place that I want this to be enforced.
- Now, if you have endpoints that behave differently, based on the permission level - this should be handled on the service layer.
Cheers!
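The layering described in the reply above, as an added framework-free sketch (not code from this thread or from the project): `AdminApi` enforces the coarse admin rule once at the API layer, while the service function decides per-object access and per-level output. Every name except `AdminApi` is hypothetical, and `dispatch` stands in for whatever the web framework does before calling a view.

```python
from dataclasses import dataclass

@dataclass
class User:  # constructed stand-in for the framework's user object
    id: int
    is_authenticated: bool = True
    is_admin: bool = False
@dataclass
class Invoice:  # hypothetical domain object
    id: int
    owner_id: int
    total: int
    internal_note: str = ""
class Forbidden(Exception):
    """Raised by either layer; the API layer maps it to a 403."""

# Service layer: business-level permissions
def invoice_get(*, user, invoice):
    if not (user.is_admin or invoice.owner_id == user.id):
        raise Forbidden("not your invoice")
    data = {"id": invoice.id, "total": invoice.total}
    if user.is_admin:  # same endpoint, different output per permission level
        data["internal_note"] = invoice.internal_note
    return data

# API layer: framework-level permissions
class BaseApi:
    def check_api_permissions(self, user):
        pass  # being authenticated is enough by default
    def dispatch(self, user, **kwargs):
        if not user.is_authenticated:
            return 401, {"detail": "authentication required"}
        try:
            self.check_api_permissions(user)
            return 200, self.handle(user, **kwargs)
        except Forbidden as exc:
            return 403, {"detail": str(exc)}

class AdminApi(BaseApi):  # coarse rule: enforced once, inherited everywhere
    def check_api_permissions(self, user):
        if not user.is_admin:
            raise Forbidden("admin only")

class InvoiceDetailApi(BaseApi):
    def handle(self, user, *, invoice):
        return invoice_get(user=user, invoice=invoice)
class InvoiceDeleteApi(AdminApi):
    def handle(self, user, *, invoice):
        return {"deleted": invoice.id}
```

A new admin-only endpoint gets the check by subclassing `AdminApi`, so it cannot be forgotten per view; the ownership rule lives in the service and therefore also applies to callers that bypass the API, such as tasks or management commands.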
@RadoRado Thanks for the answer!
Closing this issue