I have two different objects in my API, we can call them users as tasks. I want to shape the API so users can only access tasks associated with them, but admin can access all tasks. How would I check to make sure what they are requesting matches their username? I have login working as per http://code.tutsplus.com/tutorials/building-rest-apis-using-eve--cms-22961 but I'd like to be able to create a more encompassing API.
You might resort to User Restricted Resource Access
When this feature is enabled, each stored document is associated with the account that created it. This allows the API to transparently serve only account-created documents on all kinds of requests: read, edit, delete and of course create. User authentication needs to be enabled for this to work properly.
See the relevant documentation at the link above.