Current section: Permissions 6 exercises

Implementing User Permissions and Authorization Logic

Loading exercise


00:00 So as Cody is an admin user, Cody should be able to delete other people's notes. So I should be able to hit this and get it deleted. Right now, that's not possible because we need to add some logic in our application to check the user's permissions and then check whether they're authorized to do this. And Cody should be authorized to do this.

00:18 Kelly added a little bit of logic to make it so that it's easier to display this bar when we have those permissions. So you're going to be adding a little bit of logic to the loader for this page to determine whether the user should be able to see these or this bar. And then you're also going to add some logic to the action

00:36 to verify that the user has authorization to perform this action. And so now it's not just whether this note belongs to this user. It's actually whether the user who's performing the action has permission to do that. So adding permissions to an app does definitely complicate a number of things.

00:55 You have to do some manual checks on. And it would be cool if there was a Prisma extension that allowed us to do this automatically. And that certainly is a thing that somebody could build. Let me know if you do. But yeah, for now, we have to manually add some logic

01:14 to verify that the user has permission to do what they're about to do. So that's what you're going to be doing in this exercise. I want to be able to delete this note if I am an admin user. Just make sure that I also can delete it if I have the permission to delete my own notes and it's my own note. So you've got a couple of things to do here.

01:33 Have a good time.