Code Challenge: Make a simple API which returns a list of items using RBAC to only return ones a particular user is allowed to see. For simplicity, we recommend using a url parameter to identify a user without worrying about security for this challenge.
So, according to the code challenge, I changed my ongoing project, in which I created an admin panel with two specified roles:
Demo for Super Admin {email: superadmin@gmail.com, password: gsoc123}, where Super Admin has full access to the panel; he can add, delete, and update all the categories as well as product details.
Demo for Admin {email: admin@gmail.com, password: gsoc1234}, whereas Admin can only add and delete product details. He cannot access the category page.
I will specify one more role for user where he can only see the details of products. He would not have any access to add, delete or update in categories or products.
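
The three roles above can be written as a deny-by-default permission table. The sketch below is an added example, not code from this project. It assumes a `?user=` URL parameter as the challenge suggests, assumes Admin may also read products, and uses made-up user ids, items and function names.

```python
from urllib.parse import urlparse, parse_qs

# Role -> resource -> allowed actions, following the three roles described above.
# Assumption: admin may also read products. Anything not listed is denied.
PERMISSIONS = {
    "super_admin": {"category": {"read", "add", "update", "delete"},
                    "product": {"read", "add", "update", "delete"}},
    "admin": {"product": {"read", "add", "delete"}},
    "user": {"product": {"read"}},
}

# Constructed sample data: user ids, roles and items are made up for this example.
USERS = {"1": "super_admin", "2": "admin", "3": "user"}
ITEMS = [
    {"id": 10, "resource": "category", "name": "Laptops"},
    {"id": 11, "resource": "product", "name": "ThinkPad"},
    {"id": 12, "resource": "product", "name": "MacBook"},
]


def is_allowed(role, resource, action):
    """Deny by default: unknown roles, resources and actions all return False."""
    return action in PERMISSIONS.get(role, {}).get(resource, set())


def role_from_url(url):
    """Identify the caller from the ?user= URL parameter, as the challenge suggests."""
    values = parse_qs(urlparse(url).query).get("user", [])
    # Reject a missing or repeated parameter instead of guessing which one to trust.
    if len(values) != 1:
        return None
    return USERS.get(values[0])


def handle(url, action="read", resource=None):
    """Return (status, body). 'read' lists only the items the caller may see."""
    role = role_from_url(url)
    if role is None:
        return 401, []
    if action == "read":
        return 200, [i for i in ITEMS if is_allowed(role, i["resource"], "read")]
    return (200, []) if is_allowed(role, resource, action) else (403, [])
```

The write actions only return a status here; a real handler would perform the change after the same `is_allowed` check.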