LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What is authorization and how is it implemented?

Authorization confirms the already-logged-in user has permission to access this specific resource.

After authentication, you must still check:

  • Does this user own this resource?
  • Does this user have the required role/permission?
// Example: Check if user owns the task
const task = await tasks.findOne({ _id: taskId });
if (task.user !== req.session.user) {
  return res.status(403).json({ error: 'Forbidden' });
}

Simple approach: Store owner username with each resource and compare against req.session.user.

From Quiz: WEBT / User Sessions | Updated: Jun 20, 2026