Authorization
GLS-000101
Definition
Checking what an authenticated user is allowed to do — after they've proven who they are.
Why It Matters
Without authorization, any authenticated user could trigger admin actions — like rebuilding the knowledge index or seeding the database.
Example Usage
“verifyAdminRequest() in every /api/admin/* route checks that the caller has the admin role before allowing the operation.”
AI Builder Tips
Avoid these mistakes when using Authorization:
Confusing authentication with authorization
Only checking authorization on the frontend (client-side checks can be bypassed — always check server-side)
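A server-side sketch of both points above, added here as an illustration and not taken from the project this glossary describes: the body of verifyAdminRequest(), the SESSIONS store, the adminRoute wrapper and the tokens are all assumptions. It answers 401 when the caller is unknown (authentication), 403 when the caller is known but lacks the admin role (authorization), and ignores any role the client claims for itself.

```javascript
// Constructed server-side session store: token -> user record.
// The role lives here, on the server; nothing the client sends can change it.
const SESSIONS = new Map([
  ["tok-alice", { id: "alice", role: "admin" }],
  ["tok-bob", { id: "bob", role: "member" }],
]);

// Hypothetical body for the verifyAdminRequest() the page names.
// req is a plain object: { headers: { authorization, ... }, body }.
function verifyAdminRequest(req) {
  const header = (req.headers && req.headers.authorization) || "";
  const match = /^Bearer (\S+)$/.exec(header);
  const user = match ? SESSIONS.get(match[1]) : undefined;
  // Authentication: who is calling? Unknown caller -> 401.
  if (!user) return { ok: false, status: 401, error: "not authenticated" };
  // Authorization: is this caller allowed? Known but not admin -> 403.
  if (user.role !== "admin") {
    return { ok: false, status: 403, error: "admin role required" };
  }
  return { ok: true, status: 200, user };
}

// Wrap every /api/admin/* handler so the check cannot be forgotten per route.
function adminRoute(handler) {
  return (req) => {
    const check = verifyAdminRequest(req);
    if (!check.ok) return { status: check.status, body: { error: check.error } };
    return { status: 200, body: handler(req, check.user) };
  };
}

// Stand-in admin action (for example, rebuilding the knowledge index).
const rebuildIndex = adminRoute((req, user) => ({ rebuiltBy: user.id }));

// Constructed requests, including a client that claims admin in its own input.
const asAdmin = { headers: { authorization: "Bearer tok-alice" } };
const asMember = {
  headers: { authorization: "Bearer tok-bob", "x-role": "admin" },
  body: { role: "admin" },
};
const anonymous = { headers: {} };
```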
Generate a Prompt
Copy this prompt and use it directly with any AI model — no setup needed.
Help me build a project using Authorization. Explain:
1. What is Authorization and why it matters
2. The core architecture and required tools
3. Step-by-step implementation plan
4. Common mistakes to avoid: Confusing authentication with authorization, Only checking authorization on the frontend (client-side checks can be bypassed — always check server-side)
5. Best practices and production tips