User: return User(username="alice", role=Role.user) # Higher-order dependency factory — creates a role checker def require_role(role: Role): def checker(user: Annotated[User, Depends(get_current_user)]) -> User: if user.role != role: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail=f"Requires {role} role", ) return user return checker # Public route — any authenticated user @app.get("/profile") def profile(user: Annotated[User, Depends(get_current_user)]): return {"username": user.username, "role": user.role} # Admin-only route @app.delete("/users/{user_id}") def delete_user( user_id: int, _: Annotated[User, Depends(require_role(Role.admin))], ): return {"deleted": user_id} # Router-level dependency — apply to all routes in a router from fastapi import APIRouter admin_router = APIRouter( prefix="/admin", dependencies=[Depends(require_role(Role.admin))], ) @admin_router.get("/stats") def admin_stats(): return {"total_users": 42}"> User: return User(username="alice", role=Role.user) # Higher-order dependency factory — creates a role checker def require_role(role: Role): def checker(user: Annotated[User, Depends(get_current_user)]) -> User: if user.role != role: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail=f"Requires {role} role", ) return user return checker # Public route — any authenticated user @app.get("/profile") def profile(user: Annotated[User, Depends(get_current_user)]): return {"username": user.username, "role": user.role} # Admin-only route @app.delete("/users/{user_id}") def delete_user( user_id: int, _: Annotated[User, Depends(require_role(Role.admin))], ): return {"deleted": user_id} # Router-level dependency — apply to all routes in a router from fastapi import APIRouter admin_router = APIRouter( prefix="/admin", dependencies=[Depends(require_role(Role.admin))], ) @admin_router.get("/stats") def admin_stats(): return {"total_users": 42}" />

Prev Next

Python / FastAPI Interview Questions

How do you implement role-based access control (RBAC) using FastAPI dependencies?

FastAPI's dependency injection makes RBAC clean: create a higher-order dependency that checks the current user's role. Inject it into routes that require elevated permissions.

from fastapi import FastAPI, Depends, HTTPException, status
from typing import Annotated
from enum import Enum

app = FastAPI()

class Role(str, Enum):
    user  = "user"
    admin = "admin"

class User:
    def __init__(self, username: str, role: Role):
        self.username = username
        self.role = role

# Simulated auth — in reality decode a JWT
def get_current_user() -> User:
    return User(username="alice", role=Role.user)

# Higher-order dependency factory — creates a role checker
def require_role(role: Role):
    def checker(user: Annotated[User, Depends(get_current_user)]) -> User:
        if user.role != role:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail=f"Requires {role} role",
            )
        return user
    return checker

# Public route — any authenticated user
@app.get("/profile")
def profile(user: Annotated[User, Depends(get_current_user)]):
    return {"username": user.username, "role": user.role}

# Admin-only route
@app.delete("/users/{user_id}")
def delete_user(
    user_id: int,
    _: Annotated[User, Depends(require_role(Role.admin))],
):
    return {"deleted": user_id}

# Router-level dependency — apply to all routes in a router
from fastapi import APIRouter
admin_router = APIRouter(
    prefix="/admin",
    dependencies=[Depends(require_role(Role.admin))],
)

@admin_router.get("/stats")
def admin_stats():
    return {"total_users": 42}
How do you apply an authentication dependency to ALL routes in an APIRouter?
What HTTP status code should you return when a user is authenticated but lacks the required role/permission?

Invest now in Acorns!!! 🚀 Join Acorns and get your $5 bonus!

Invest now in Acorns!!! 🚀
Join Acorns and get your $5 bonus!

Earn passively and while sleeping

Acorns is a micro-investing app that automatically invests your "spare change" from daily purchases into diversified, expert-built portfolios of ETFs. It is designed for beginners, allowing you to start investing with as little as $5. The service automates saving and investing. Disclosure: I may receive a referral bonus.

Invest now!!! Get Free equity stock (US, UK only)!

Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.

The Robinhood app makes it easy to trade stocks, crypto and more.

Webull! Receive free stock by signing up using the link: Webull signup.

More Related questions...

What is FastAPI and what are its key advantages over Flask or Django REST Framework? How do you create and run a minimal FastAPI application? What is the difference between path parameters and query parameters in FastAPI? How do you receive and validate a JSON request body in FastAPI? How do you use Pydantic models for data validation and what validation features does FastAPI support? What is the response_model parameter in FastAPI and why should you use it? How do you add validation constraints to path and query parameters using Path() and Query()? How do you control HTTP status codes and return custom responses in FastAPI? What is FastAPI's dependency injection system and how do you use it? How do you organise a FastAPI application with multiple routers (APIRouter)? What is middleware in FastAPI and how do you add custom middleware? When should you use async def vs def for route handlers in FastAPI? What are BackgroundTasks in FastAPI and when should you use them? How do you implement OAuth2 password flow with JWT tokens in FastAPI? How do you implement role-based access control (RBAC) using FastAPI dependencies? How do you integrate an async SQLAlchemy database with FastAPI? How do you manage database schema migrations in a FastAPI project with Alembic? How do you write tests for a FastAPI application using pytest and TestClient? How do you create custom exception handlers in FastAPI? How do you handle form data and file uploads in FastAPI? How do you manage environment variables and settings in FastAPI with Pydantic Settings? How do you run startup and shutdown logic in FastAPI using lifespan? How do you implement WebSocket endpoints in FastAPI? How do you containerise and deploy a FastAPI application with Docker? What are the key production deployment considerations for a FastAPI application? What are the key differences between Pydantic v1 and v2, and how does FastAPI use Pydantic v2? How do you add caching to FastAPI endpoints to improve performance? How do you customise the OpenAPI documentation in FastAPI? How do you integrate FastAPI with Celery for reliable background task processing? How do you measure and improve the performance of a FastAPI application? How do you use class-based dependencies and sub-dependencies in FastAPI? How do you test async FastAPI endpoints and async dependencies? How do you stream large responses in FastAPI using StreamingResponse? How do you add GraphQL support to a FastAPI application with Strawberry? How does FastAPI handle validation errors and how can you customise the error response format? What is the scope of a FastAPI dependency, and how do you share state across requests? How do you read HTTP headers and cookies in FastAPI? What are the most important FastAPI best practices for a production-ready API?
Show more question and Answers...

Tools

Comments & Discussions

Interviews Questions

About Javapedia.net

Javapedia.net is for Java and J2EE developers, technologist and college students who prepare of interview. Also this site includes many practical examples.

This site is developed using J2EE technologies by Steve Antony, a senior Developer/lead at one of the logistics based company.

contact: javatutorials2016[at]gmail[dot]com

Kindly consider donating for maintaining this website. Thanks.

Copyright © 2026, javapedia.net, all rights reserved. privacy policy.

DMCA.com Protection Status