This repository was archived by the owner on Oct 24, 2024. It is now read-only.
This repository was archived by the owner on Oct 24, 2024. It is now read-only.
Add authentication mechanism #2
Description
Currently, the access is public which means that credentials are not needed to, for example, delete an existing user with all associated posts.
This ticket covers the following subtasks:
- add sessions controller that allows login and implements "whoami" functionality
- allow public access only to "get posts" endpoint
- allow deleting user only by himself
- allow updating user only by himself
- deny creating posts that are associated with other users