Authorizing jsonapi_resources, Part 2: Policies
In the last post on authorizing jsonapi_resources, we began looking into adding authorization rules to
jsonapi_resources web services. We worked on a sample web service for tracking video games, and got to the point where user
josh could only see and edit his own records. Today, we’ll improve our web service by adding permission for
josh to view (but not edit) games belonging to the user he’s following.