arbret/.cursor/rules/security_authorization.mdc


2025-12-20 19:09:33 +01:00
---
description: Instructions on ensuring that authorization gets respected in the app.
alwaysApply: false
---
The app has users with roles and permissions. These should be respected.
When working on the frontend, make sure that users can only reach the pages and content their role in the app entitles them to.
When working on the backend, ensure that endpoints are only accessible by those who need them.
When building new features, reflect on whether there is the need to create new permissions or modify existing ones, as well as changing roles.
Add tests that try "sneaky" approaches to overcoming authorization limits and verify that the app is properly protected against them.
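As an added example that is not part of the arbret rules or code base (role, permission and endpoint names are assumptions), here is the shape of a backend permission check with object-level ownership enforcement, together with the "sneaky" bypass attempts an authorization test suite should assert are blocked:

```python
from dataclasses import dataclass
# Server-side source of truth for role -> permissions (assumed role/permission names).
ROLE_PERMISSIONS = {
    "admin": {"report:read", "report:write", "user:manage"},
    "editor": {"report:read", "report:write"},
    "viewer": {"report:read"},
}

@dataclass(frozen=True)
class User:  # resolved from the session/token on the server, never from the request body
    id: int
    role: str

# Constructed sample data: report id -> record.
REPORTS = {1: {"owner_id": 10, "body": "q4"}, 2: {"owner_id": 20, "body": "q1"}}

class Forbidden(Exception):
    pass

def has_permission(user: User, permission: str) -> bool:
    # Unknown or oddly cased roles map to no permissions, not to a default role.
    return permission in ROLE_PERMISSIONS.get(user.role, set())

def update_report(user: User, report_id: int, payload: dict) -> dict:
    """Handler for a hypothetical PUT /reports/{id}: needs report:write plus ownership."""
    if not has_permission(user, "report:write"):
        raise Forbidden("missing report:write")
    report = REPORTS.get(report_id)
    if report is None or report["owner_id"] != user.id:
        raise Forbidden("no such report")  # one error for missing and not-yours
    report["body"] = payload.get("body", report["body"])  # copy allowed fields only
    return report

def _blocked(attempt) -> bool:
    try:
        attempt()
    except Forbidden:
        return True
    return False

def sneaky_attempts() -> dict:
    """Bypass attempts an authorization test suite should assert are blocked (all True)."""
    viewer, editor = User(30, "viewer"), User(10, "editor")
    return {
        "role_claimed_in_body": _blocked(lambda: update_report(viewer, 1, {"role": "admin", "body": "x"})),
        "someone_elses_report": _blocked(lambda: update_report(editor, 2, {"body": "x"})),
        "role_case_variant": _blocked(lambda: update_report(User(10, "Admin"), 1, {"body": "x"})),
        "owner_field_smuggled": update_report(editor, 1, {"owner_id": 99, "body": "ok"})["owner_id"] == 10,
    }
```

Each key in `sneaky_attempts()` is one test case: a role smuggled in the payload, another user's object, a case-variant role name, and an attempt to rewrite the owner field through the update endpoint.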