I have built a React app (Azure SWA). My API is linked to my web app and I am securing routes with roles (all works well):
    {
      "route": "/api/product",
      "allowedRoles": ["admin", "nonadmin"]
    },
    {
      "route": "/api/product/*/delete",
      "allowedRoles": ["admin"]
    },
I want only the admin role to be able to call the delete endpoint, but there is a GUID that identifies the product, and this route does not work when I do this, as wildcards are only supported at the ends of routes:
Surely there is a way of doing this, as URL parameters are very common? I can't seem to find any material on how this is achieved.
EDIT 13 November 2023
I've just confirmed with the product group that this is not supported. Wildcard patterns only work at the end of the path.
Instead of doing /delete, I would attribute that method with the DELETE verb; that you can do.
Besides, using the HTTP verb is more aligned to RESTful principles.
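The verb-based approach from the answer, sketched as a `staticwebapp.config.json` fragment. This is an added example, not configuration from the original post. It assumes the delete function is bound to the DELETE verb on `/api/product/{id}`, so the wildcard sits at the end of the path, and the method list on the second wildcard rule is an assumption about which other verbs the API exposes. Rules are evaluated in order and the first match wins, so the DELETE rule comes before the broader one.

```json
{
  "routes": [
    {
      "route": "/api/product",
      "allowedRoles": ["admin", "nonadmin"]
    },
    {
      "route": "/api/product/*",
      "methods": ["DELETE"],
      "allowedRoles": ["admin"]
    },
    {
      "route": "/api/product/*",
      "methods": ["GET", "PUT", "PATCH"],
      "allowedRoles": ["admin", "nonadmin"]
    }
  ]
}
```

Listing the permitted methods explicitly on the second wildcard rule means a verb added to the function later is not opened to `nonadmin` by default.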