Collab sessions can result in more than one user being responsible for a PUT - this PR makes it so that we da-admin allows more than one entry in the Authorization header and checks for all if the respective users is authorized. As a special case, it allows for an empty entry in the list of tokens which is interpreted as an anon user being present as well.
I think this raises an interesting point. I'm almost thinking we should say, if you want to write something, you have to be logged in. Even for projects that are not logged down.
Collab sessions can result in more than one user being responsible for a PUT - this PR makes it so that we da-admin allows more than one entry in the Authorization header and checks for all if the respective users is authorized. As a special case, it allows for an empty entry in the list of tokens which is interpreted as an anon user being present as well.