Implement Auth and roles for Posts
Originally #2 (closed) but it seems like a long way in the future. Therefore I made this new issue to better track it progressively.
Every user can create, store, update, and delete posts that they owns (the user_id belongs to user)
-
Every user is an author of the post. They can create new posts, and their user_id is embedded to the posts table entry automatically. -
First check if the id can be added manually -
Then make sure their id is automatically embedded in the request (remove the manual selector)
-
-
Every user of type author
can only create, store, update, and delete posts where the user_id is their own. They can't modify posts of other users. -
Every user of type admin
can view and modify all posts. -
Every guests can see posts with either blog or news type, but not draft type. -
Drafts are only visible for their author (where user_id is the users')
Edited by Hendrik Lie