I should start building an app that is similar to a forum: I should create an admin area that only logged-in customers can access. Every customer should register, create his profile and add his own articles.
I have read several questions about security interceptors, but I'm not sure about this: if a user edits an article, how can I be sure that he does not edit an article of a different user?
User1 has written articles 1, 5, 8
User2 has written articles 3, 9, 12
User1 wants to edit article 5, goes to editArticle?id=5 and makes his changes. But he could also go to editArticle?id=9, which is owned by User2. How can I be sure that two users who have admin access do not edit articles that are owned by other users?
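The per-article ownership check the question describes, as an added example that is not part of the original post: the handler compares the article's owner with the user stored in the server-side session, so being logged in is not enough to edit someone else's article. The framework-neutral `edit_article` handler, the session dictionary and the in-memory store are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Article:
    id: int
    owner: str
    body: str

# Constructed sample data mirroring the post: User1 wrote 1, 5, 8; User2 wrote 3, 9, 12.
OWNERS = {"User1": (1, 5, 8), "User2": (3, 9, 12)}
ARTICLES = {i: Article(i, owner, f"text {i}") for owner, ids in OWNERS.items() for i in ids}

class NotFound(Exception):
    """No article exists with the requested id."""

class Forbidden(Exception):
    """The caller is logged in but does not own the requested article."""

def load_owned_article(session_user, article_id):
    """Return the article only if it belongs to the logged-in user."""
    article = ARTICLES.get(article_id)
    if article is None:
        raise NotFound(article_id)
    # The owner is compared with the identity recorded at login,
    # never with a user name or id sent in the request itself.
    if article.owner != session_user:
        raise Forbidden(article_id)
    return article

def edit_article(session, params):
    """Hypothetical handler for editArticle?id=N; returns an HTTP status code."""
    user = session.get("user")
    if user is None:
        return 401                      # not logged in at all
    try:
        article_id = int(params.get("id"))
    except (TypeError, ValueError):
        return 400                      # missing or non-numeric id
    try:
        article = load_owned_article(user, article_id)
    except NotFound:
        return 404
    except Forbidden:
        return 403                      # logged in, but not the owner
    if "body" in params:
        article.body = params["body"]
    return 200
```

The same check has to run both when the edit form is displayed and when the change is saved, since either request can be sent with any id.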