linear[bot]
commented
4 months ago Closed ntindle closed 4 months ago
linear[bot]
commented
4 months ago 
Swiftyos
commented
4 months ago I'm not sure about this change as we lack the detail on who should be allowed to do what now. I'm not clear how we go from a PROTECTED access flag to deciding what role is required to access it
ntindle
commented
4 months ago This is an intermediate change. Protected/public will be swapped to the roles generated by the requirements system in phase two of auth with authorization. Right now, this is just acting as a flag to inject the authentication dependencies in that route.
Authentication is defining who you are. Authorization is when you are allowed to access something. We were conflating the two. This is part of a separation. AccessLevel will likely be converted to a different name in stage two of this (authorization), but for now, it is sufficient. I want to keep cross-cutting changes to a minimum as I'll be stacking PRs here