I'm developing an REST API in go, it's implementing jwt following this schema : 
I've a middleware that verify tokens and my problem is that I want another one to add roles and permissions on some path in my API
Could you guys give some tips pls ? My project is on github as you can see all the code : repository
Thanks
分享 If I am not wrong, what you are asking is for access control list (ACL) https://en.wikipedia.org/wiki/Access_control_list
You will need to separate controllers for each type of permission and have a module that checks the session variable set when the user logs in with the type of permission allowed for that particular controller.
After the login check is completed, you can carry out an authorization check whether the user can access the resource and action, the controller can be tied to a single resource (but this behavior can be overridden) and the controller action can be mapped to a resource action.
For Go, you can get a lot of ACL samples:
分享
