Implement Role-Based Access Control for Feature Endpoints #113
Status: Open
Labels: Auth, Backend, P1 - High, Security
Description
Implement role-based access control in our application to restrict feature access based on user roles. Using Google OAuth for authentication, we need to define roles like Admin and User and control access to various features and endpoints based on these roles. If a user lacks the necessary role for a specific feature, the corresponding endpoints should return an error indicating insufficient permissions.
Acceptance Criteria
- Role Definition: Define at least two custom roles - Admin and User.
- Access Control: Implement access control in backend services, allowing only authorized roles to access specific endpoints.
- Error Handling: Ensure that endpoints return an appropriate error message (like 403 Forbidden) when a user with insufficient permissions attempts access.
- Secure Annotation: Utilize the `[Authorized()]` attribute or equivalent in the backend to protect controller methods based on roles.
- Documentation: Update all relevant documentation with details on role-based access control implementation and usage.
- Testing: Include comprehensive tests to ensure role-based access control is functioning as expected across various scenarios.