Adding Permissions

Understand the concepts of authentication and authorization and add custom permissions for managing user access and actions in the project.

We'll cover the following

If authentication is the action of verifying the identity of a user, authorization is simply the action of checking whether the user has the rights or privileges to perform an action.

In our project, we have three types of users:

  • The anonymous user: This user has no account on the API and can’t really be identified.

  • The registered and active user: This user has an account on the API and can easily perform some actions.

  • The admin user: This user has all rights and privileges.

We want anonymous users to be able to read the posts on the API without necessarily being authenticated. While it’s true that there is the AllowAny permission, it’ll surely conflict with the IsAuthenticated permission.

Writing permissions

Therefore, we need to write a custom permission.

Inside the authentication directory, create a file called permissions and add the following content:

Get hands-on with 1200+ tech skills courses.