The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.
Ron McLeod wrote:You could just put a guard at the beginning of your handle which verifies that the user is authorized, and if not, throws an exception.
For example:
Robert Dennett wrote:Would that be the standard way to handle it? Is there a standard way to handle it?
Robert Dennett wrote:Well, supposing you had an authenticated user, how do you make sure that they're only accessing the resources they're authorized to see? For example, let's say I want to define an endpoint to return a customer's order. I don't want any other authorized user (unless they have an admin role) to be able to access that order. What do you call that?
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime. |