So far, we have seen authentication and authorization with regard to:
Authorization on a resource level restricts access or grants permission to a user for the entire resource. Authorization within snippets can make this more granular by restricting only certain content within a resource that is being rendered by the snippet. As explained in the previous chapter, snippets accept parameters, and certain snippets provide parameters to be configured so that they are accessible only by a certain user type. In this section, we will modify the
NewsEditor snippet to only allow posts from authenticated users.
In our application we have already restricted ...