diff options
Diffstat (limited to 'docs/tutorial/4-authentication-and-permissions.md')
| -rw-r--r-- | docs/tutorial/4-authentication-and-permissions.md | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md index 336d5891..a0d7c5a6 100644 --- a/docs/tutorial/4-authentication-and-permissions.md +++ b/docs/tutorial/4-authentication-and-permissions.md @@ -1,7 +1,11 @@ # Tutorial 4: Authentication & Permissions -Currently our API doesn't have any restrictions on who can +Currently our API doesn't have any restrictions on who can edit or delete code snippets. We'd like to have some more advanced behavior in order to make sure that: +* Code snippets are always associated with a creator. +* Only authenticated users may create snippets. +* Only the creator of a snippet may update or delete it. +* Unauthenticated requests should have full read-only access. ## Adding information to our model |