Dears,
I'm using Flask, Flask-JWT and Flask-RESTful. I can get the access_token, but once any user is authenticated he can do everything to all database tables using the REST API endpoint. How can I implement authorization where a certain user can do a specific action on a certain row/field in the database, one that belongs to him, for example?
All articles I've read talk about getting authenticated only, but do not go beyond.
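
One way to enforce per-row and per-field ownership, as an added example that is not part of the original post. It is framework-independent standard-library Python; the `notes` table, `OWNER_WRITABLE` and the function names are hypothetical, and `user_id` is assumed to be the identity taken from the already-verified token (in Flask-JWT, `current_identity`), never a value sent by the client.

```python
import sqlite3

# Fields the owner of a row may change; everything else (e.g. owner_id) is read-only.
OWNER_WRITABLE = {"title", "body"}

def make_db():
    """Constructed sample data: two notes owned by two different users."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, "
               "owner_id INTEGER NOT NULL, title TEXT, body TEXT)")
    db.executemany("INSERT INTO notes (id, owner_id, title, body) VALUES (?, ?, ?, ?)",
                   [(1, 10, "alice note", "a"), (2, 20, "bob note", "b")])
    return db

def get_note(db, user_id, note_id):
    """Row-level check: the owner filter is part of the query itself."""
    row = db.execute("SELECT id, title, body FROM notes "
                     "WHERE id = ? AND owner_id = ?", (note_id, user_id)).fetchone()
    # Same 404 for "missing" and "not yours", so row existence is not disclosed.
    return (200, dict(row)) if row is not None else (404, None)

def update_note(db, user_id, note_id, changes):
    """Field-level check first, then an owner-scoped UPDATE."""
    if not changes:
        return 400, "no fields supplied"
    forbidden = set(changes) - OWNER_WRITABLE
    if forbidden:
        return 403, f"fields not writable: {sorted(forbidden)}"
    cols = sorted(changes)  # column names passed the allowlist, values stay bound
    assignments = ", ".join(f"{c} = ?" for c in cols)
    params = [changes[c] for c in cols] + [note_id, user_id]
    cur = db.execute(f"UPDATE notes SET {assignments} "
                     "WHERE id = ? AND owner_id = ?", params)
    db.commit()
    return (200, "updated") if cur.rowcount == 1 else (404, "not found")
```

In a Flask-RESTful resource, the `get` and `put` methods would call these functions with the token identity's id and return the status code alongside the body.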