Software Development | Intermediate | 2 to 3 hours

Build Role-Based Access Control (RBAC)

Write Express middleware to protect routes based on user roles.

The Scenario

Your platform has 3 user roles: `USER`, `EDITOR`, and `ADMIN`. You need to ensure that only `EDITOR`s and `ADMIN`s can access the `POST /articles` route, but only an `ADMIN` can access the `DELETE /users` route.

The Brief

Write a reusable authorization middleware function in Node.js/Express. It should accept an array of allowed roles and check it against the `req.user.role` property (which is populated by your authentication middleware).

Deliverables

  • The `requireRoles` middleware code
  • The Express router configuration showing how the middleware is applied to the protected routes

Submission Guidance

The middleware must be generic. Do not hardcode the logic inside the route handler itself. Think about how you would scale this if a new `SUPER_ADMIN` role was added tomorrow.
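One way to meet the brief, as an added example that is not part of the original challenge page. The `ROLES` map, the `mountRoutes` helper, the handler names and the 401/403 response bodies are assumptions; only `requireRoles`, `req.user.role` and the two routes come from the brief.

```javascript
// Added example. Everything except requireRoles, req.user.role and the two
// routes is an assumption made for illustration.
const ROLES = Object.freeze({ USER: 'USER', EDITOR: 'EDITOR', ADMIN: 'ADMIN' });

function requireRoles(allowedRoles) {
  // Validate when the route is defined, so an empty list or a typo in a role
  // name fails at startup instead of producing a wrong decision per request.
  if (!Array.isArray(allowedRoles) || allowedRoles.length === 0) {
    throw new TypeError('requireRoles needs a non-empty array of roles');
  }
  for (const role of allowedRoles) {
    if (!Object.values(ROLES).includes(role)) {
      throw new TypeError(`Unknown role: ${String(role)}`);
    }
  }
  const allowed = new Set(allowedRoles);

  return function authorize(req, res, next) {
    // No req.user means the authentication middleware did not run or did not
    // accept the caller: deny with 401 rather than falling through.
    if (!req.user) {
      return res.status(401).json({ error: 'Authentication required' });
    }
    // Set.has compares strictly, so a missing or non-string role is denied.
    if (!allowed.has(req.user.role)) {
      return res.status(403).json({ error: 'Insufficient role' });
    }
    return next();
  };
}

// Router configuration. `router` is an express.Router() (or the app itself);
// `handlers` holds the real controllers, named here as placeholders.
function mountRoutes(router, handlers) {
  router.post('/articles', requireRoles([ROLES.EDITOR, ROLES.ADMIN]), handlers.createArticle);
  router.delete('/users', requireRoles([ROLES.ADMIN]), handlers.deleteUsers);
  return router;
}
```

Adding `SUPER_ADMIN` means one new entry in `ROLES` and one more item in the arrays of the routes it should reach; the middleware and the route handlers stay unchanged.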

Submit Your Work

Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.
