Super newbie question: I’m working on an app and I would like only the logged-in user to be able to CRUD posts that they create. I have Netlify Identity up and running, but everyone can see all posts currently. Do I lock this down in the models?
Here’s what I have for models:
```prisma
model User {
  id    Int     @id @default(autoincrement())
  email String  @unique
  name  String?
}

model Post {
  id        Int      @id @default(autoincrement())
  rating    Int
  body      String
  createdAt DateTime @default(now())
}
```
Redwood is a great framework with which to start off in the developer journey.
Because you get to learn about front-end work, back-end APIs, data modeling, queries and even a nice intro to GraphQL, building a small app — like your Blog — is a deep slice into making most modern web apps. And you get to learn about auth, too.
That said, a great place to start is here:
This is a cookbook with a blog that has auth to allow only logged-in users to post … and also introduces roles so that only certain types of users can do certain things (only admins can delete posts, for example).
Here’s a GH repo of the code too:
Read through the code and hopefully it can guide you through.
Thanks for the RBAC intro. I think it makes sense. If I wanted to only allow the post creator to see their posts, and no one else, would roles be the way to accomplish this? I’m struggling to figure out how to implement that with roles. Basically, I want the post creator to be able to CRUD only their own posts.
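Added example, not from the thread or from Redwood's own code: "only the creator can CRUD their own posts" is a per-row ownership check in the service layer rather than a role, with every read and write scoped to the authenticated user's id. It assumes a hypothetical `authorId` field on `Post` and a hypothetical `currentUser` object supplied by the auth layer, and uses a constructed in-memory array in place of the database so it runs on its own.

```javascript
// Constructed in-memory stand-in for the Post table. `authorId` is an assumed
// column linking Post to User; the schema in the thread does not have it.
const posts = [
  { id: 1, authorId: 10, rating: 5, body: 'first post by user 10' },
  { id: 2, authorId: 20, rating: 3, body: 'first post by user 20' },
]
let nextId = 3
class AuthError extends Error {}

// `currentUser` is a hypothetical object built by the auth layer from the
// verified session token, never from request arguments.
const requireUser = (currentUser) => {
  if (!currentUser || typeof currentUser.id !== 'number') throw new AuthError('not authenticated')
  return currentUser.id
}

// Match on id AND owner together. Someone else's post is reported exactly like
// a missing one, so post ids cannot be probed.
const findOwned = (currentUser, id) => {
  const userId = requireUser(currentUser)
  const post = posts.find((p) => p.id === id && p.authorId === userId)
  if (!post) throw new AuthError('post not found')
  return post
}

const myPosts = (currentUser) => {
  const userId = requireUser(currentUser)
  return posts.filter((p) => p.authorId === userId)
}

const createPost = (currentUser, input) => {
  // Owner comes from the session; a client-supplied authorId is ignored.
  const authorId = requireUser(currentUser)
  const post = { id: nextId++, authorId, rating: input.rating, body: input.body }
  posts.push(post)
  return post
}

const updatePost = (currentUser, id, input) => {
  const post = findOwned(currentUser, id)
  if (input.rating !== undefined) post.rating = input.rating
  if (input.body !== undefined) post.body = input.body
  return post
}

const deletePost = (currentUser, id) => {
  const post = findOwned(currentUser, id)
  posts.splice(posts.indexOf(post), 1)
  return post
}
```

With a real database the same rule becomes an owner filter in every query's `where` clause, so the check cannot be skipped by calling a different endpoint.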