Extend Decorator to Support Role-Based Authorization #18

Closed
opened 2025-10-17 22:33:37 +00:00 by Rodrigo2003-PT · 0 comments
Rodrigo2003-PT commented 2025-10-17 22:33:37 +00:00 (Migrated from github.com)

Tasks:

  • Modify the @token_required decorator to accept a list of roles (e.g., @token_required(roles=['Admin', 'Manager'])).
  • After validating the token, check if the user's role (from the token payload) is in the list of allowed roles.
  • If the user's role is not sufficient, return a 403 Forbidden response.
  • Apply this enhanced decorator to the POST /api/users/register endpoint to test its functionality.
### Tasks: - Modify the `@token_required` decorator to accept a list of roles (e.g., `@token_required(roles=['Admin', 'Manager'])`). - After validating the token, check if the user's role (from the token payload) is in the list of allowed roles. - If the user's role is not sufficient, return a `403 Forbidden` response. - Apply this enhanced decorator to the `POST /api/users/register` endpoint to test its functionality.
Sign in to join this conversation.
No description provided.