Currently, in the authorizeRequest middleware, we are checking the conditions "has permisson on method" and "has permisson on role" separately, but they must be checked together.
With the current permissions, this is not problematic, but it could be in the future if we change the permissions.
Description
Currently, in the
authorizeRequestmiddleware, we are checking the conditions "has permisson on method" and "has permisson on role" separately, but they must be checked together.With the current permissions, this is not problematic, but it could be in the future if we change the permissions.