Serve Different Content Based on User Data

Good tutorial. However, I believe this is not actually restricting the user for real. Take for example: if I log in and try to access the business page, where you are fetching business data using filters in the API request, I will get the desired result. What happens if someone who knows how to use the dev tools goes in, finds the JWT token and uses that to send a request to the API without any filters? They will get all the data, including the ones they should not have access to. So this is not really restricting the user.

1 Like
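
The concern in the comment above, shown as an added example (not code from the tutorial or from the commenter): a handler that relies on client-sent filters beside one that derives the visible scope on the server from the token's claims. All names (`ARTICLES`, `accountType`, `audience`, both functions) are hypothetical, the data is constructed, and `claims` is assumed to come from a JWT whose signature was already verified.

```javascript
// Constructed sample data; every name in this block is hypothetical.
const ARTICLES = [
  { id: 1, audience: "business", title: "Q3 pricing" },
  { id: 2, audience: "business", title: "Partner terms" },
  { id: 3, audience: "personal", title: "Home tips" },
];

// Server-side policy: which audiences each account type may read.
// A Map avoids accidental hits on inherited object properties.
const ALLOWED = new Map([
  ["business", ["business"]],
  ["personal", ["personal"]],
]);

// Equality filters as a client might send them in the query string.
function applyFilters(rows, filters) {
  return rows.filter((row) =>
    Object.entries(filters).every(([key, value]) => row[key] === value));
}

// Before: any valid token works, and the result depends only on the
// filters the client chose to send. Omitting them returns everything.
function listTrustingClient(claims, query) {
  return applyFilters(ARTICLES, query.filters || {});
}

// After: the scope is computed from the verified claims first.
// Client filters can narrow that scope but never widen it.
function listScoped(claims, query) {
  const allowed = ALLOWED.get(claims.accountType);
  if (!allowed) throw new Error("forbidden: unknown account type");
  const visible = ARTICLES.filter((row) => allowed.includes(row.audience));
  return applyFilters(visible, query.filters || {});
}

// Constructed request: a "personal" account sending no filters at all.
const personal = { accountType: "personal" };
console.log(listTrustingClient(personal, {}).map((r) => r.id)); // all rows
console.log(listScoped(personal, {}).map((r) => r.id));         // own scope
```
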