Create a service responsible for authorization. Add logic to check that the person to receive the notification are allowed to represent the organization in the context of the given resource. If no resource or app has been given as context of the notification, then personal contact information should not be considered. All authorization requires a resource.
Perform a normal authorization request similar to the requests created by Storage when a user wants to access a resource.
Tasks
[x] Create a new service class to handle Authorization
[x] Create a method that can determine if a set of users are allowed to access given resource for given subject.
Description
Create a service responsible for authorization. Add logic to check that the person to receive the notification are allowed to represent the organization in the context of the given resource. If no resource or app has been given as context of the notification, then personal contact information should not be considered. All authorization requires a resource.
Perform a normal authorization request similar to the requests created by Storage when a user wants to access a resource.
Tasks
Acceptance criteria