Here's a general outline of the workflow based on different roles:
-
Guest (Unauthenticated User)
- Can access public pages like the login and registration pages.
- Can register for a new account.
- Can log in with valid credentials.
-
User
- Upon successful login, the user is authenticated and receives an access token.
- Can view their own tasks.
- Can create new tasks assigned to themselves.
- Can update and delete their own tasks.
- Cannot access or modify tasks of other users.
-
Admin
- In addition to the capabilities of regular users, admins have additional privileges.
- Can view all tasks of all users.
- Can create new tasks assigned to any user.
- Can update and delete any task.
- May have access to an admin dashboard with advanced features, such as filtering, sorting, and searching tasks.
-
Authorization and Authentication
- Requests to protected routes require a valid access token.
- Access tokens are typically sent in the request headers (e.g., Authorization header).
- Middleware functions are used to verify the access token and extract the user's role and information from it.
- Unauthorized or invalid access attempts are handled with appropriate error responses.
-
Routing and Middleware
- Routes are defined and organized based on functionality (e.g., user routes, admin routes, task routes).
- Middleware functions are applied to protect routes based on user roles.
- Middleware functions validate the user's role and permissions before allowing access to specific routes.