richardschneider / yappy

Yet another REST API server howling at the moon with JSON
MIT License

Granting permission #128

Open richardschneider opened 8 years ago

richardschneider commented 8 years ago

Authorisation #83 must be used when granting (adding) a permission to a user or a role. The grantor (current user) must have the permission being granted or be a member of the role being added. POST, PATCH and PUT must be checked.

Since user and role can be provided by multiple authentication #4 providers, we can't place this at the app.route layer. Need middleware to perform check before passing it on.

Need to define a schema for user and role
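
An added sketch of the middleware check described in this issue; it is not code from the issue or from yappy. The `permissions` and `roles` array fields, `req.user`, the `loadStored` lookup and the 403 response shape are assumptions, since the user and role schema is still undefined here. It also assumes the request body is the (partial) document rather than a list of patch operations.

```javascript
// Added example: Express-style middleware (req, res, next).
// Field names `permissions` / `roles` and `req.user` are assumptions.
const GUARDED_METHODS = new Set(['POST', 'PATCH', 'PUT']);
const GRANT_FIELDS = ['permissions', 'roles'];

// Entries present in `requested` but not in `stored`: the grants being added.
function addedEntries(requested, stored) {
  const have = new Set(Array.isArray(stored) ? stored : []);
  return requested.filter((entry) => !have.has(entry));
}

// Returns the grants the grantor is not allowed to make (empty list = allowed).
function deniedGrants(grantor, body, stored) {
  const denied = [];
  for (const field of GRANT_FIELDS) {
    if (body[field] === undefined) continue;     // field is not being changed
    if (!Array.isArray(body[field])) {           // malformed value: fail closed
      denied.push({ field, value: body[field] });
      continue;
    }
    // An unauthenticated or empty grantor holds nothing, so every grant is denied.
    const held = new Set((grantor && grantor[field]) || []);
    for (const value of addedEntries(body[field], stored && stored[field])) {
      if (!held.has(value)) denied.push({ field, value });
    }
  }
  return denied;
}

// loadStored(req) is a hypothetical lookup of the document being modified.
// POST has nothing stored yet, so every entry in the body counts as new.
function grantGuard(loadStored) {
  return function (req, res, next) {
    if (!GUARDED_METHODS.has(req.method)) return next();
    const body = req.body;
    if (body === null || typeof body !== 'object') return next();
    const stored = req.method === 'POST' ? null : loadStored(req);
    const denied = deniedGrants(req.user, body, stored);
    if (denied.length === 0) return next();
    res.status(403).json({ message: 'cannot grant what you do not hold', denied });
  };
}
```

Only the difference against the stored document is checked, so a PUT that resends grants the target already holds is not treated as a new grant by the caller.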