Profiles web APIs should check permission before allowing the user to perform any action, to the same level as the commands allow. Failing the permissions check should return a 403 FORBIDDEN response, with an error response that includes relevant information on the permission check.
Profiles web APIs should check permission before allowing the user to perform any action, to the same level as the commands allow. Failing the permissions check should return a 403 FORBIDDEN response, with an error response that includes relevant information on the permission check.