Server middleware may test if a user is currently logged-in.
But if an application allows different users to have different roles, a database model may want to decide whether the currently logged-in user is allowed to access or write something. Therefore, for instance a before create hook decides if the user may create a new record. This should be the the first thing the model does after the post request came in. But in fact the first thing that happens is the model going through its validation tests. If one of the validation tests fails, e.g. a uniqueness test, even though the user is not authorized to create a new record because of their role, the response to the client contains a uniqueness validation error ("not uniq") instead of an authorization error.
=> Please allow for hooks that execute before the first validation test is applied.
Server middleware may test if a user is currently logged-in.
But if an application allows different users to have different roles, a database model may want to decide whether the currently logged-in user is allowed to access or write something. Therefore, for instance a before create hook decides if the user may create a new record. This should be the the first thing the model does after the post request came in. But in fact the first thing that happens is the model going through its validation tests. If one of the validation tests fails, e.g. a uniqueness test, even though the user is not authorized to create a new record because of their role, the response to the client contains a uniqueness validation error ("not uniq") instead of an authorization error.
=> Please allow for hooks that execute before the first validation test is applied.