I am creating an application which requires 3 user roles:
Admin, Manager and User.
I have 2 web pages:
CRUD users webpage, view and edit Other Info webpage.
Admin role can have all CRUD use cases as well as the Other Info webpage. Manager can have Read and Edit Other Info web pages and User can view Other Info only.
I have read up some tutorials but I have some queries:
1) In the view and edit other info webpage, how can I differentiate between Manager and User? I mean the edit icon will be hidden from the User. How to achieve this in the webpage?
2) How can I stop User in Spring Boot from using POSTMAN to edit the Other Info web page?
3) How can I hide the CRUD user webpage hyperlinks from the Manager & User? What if they type in the URI in the address bar and access the CRUD webpage? How would Spring Boot manage this?