Authorisation #83 must be used when granting (adding) a permission to a user or a role. The grantor (current user) must have the permission being granted or be a member of the role being added. POST, PATCH and PUT must be checked.
Since user and role can be provided by multiple authentication #4 providers, we can't place this at the app.route layer. Need middleware to perform the check before passing it on.
Need to define a schema for user and role.
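A sketch of the middleware check described above, added here as an example and not taken from the project's code. It assumes a WSGI application, a JSON request body with `permissions` and `roles` lists, and a grantor record that the authentication layer has placed in `environ["authz.grantor"]`; all of these names are hypothetical, since the schema is not yet defined.

```python
import io
import json

CHECKED_METHODS = {"POST", "PATCH", "PUT"}

def ungrantable(grantor, payload):
    """Return the requested permissions/roles the grantor may not hand out."""
    denied = []
    for kind, key in (("permission", "permissions"), ("role", "roles")):
        requested = payload.get(key, [])
        if not isinstance(requested, list):
            raise TypeError(f"{key} must be a list")
        denied += [(kind, item) for item in requested if item not in grantor[key]]
    return denied

class GrantCheckMiddleware:
    """Runs before routing, so the check applies whichever provider supplied the user."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if environ["REQUEST_METHOD"] not in CHECKED_METHODS:
            return self.app(environ, start_response)
        length = int(environ.get("CONTENT_LENGTH") or 0)
        raw = environ["wsgi.input"].read(length)
        try:
            payload = json.loads(raw or b"{}")
            grantor = environ["authz.grantor"]  # assumed key, set by the auth layer
            denied = ungrantable(grantor, payload)
        except (ValueError, KeyError, TypeError, AttributeError):
            # Fail closed: malformed body or missing grantor never reaches the app.
            return self._reject(start_response, "400 Bad Request", "unreadable grant request")
        if denied:
            return self._reject(start_response, "403 Forbidden", f"cannot grant: {denied}")
        environ["wsgi.input"] = io.BytesIO(raw)  # let the app re-read the body
        return self.app(environ, start_response)

    @staticmethod
    def _reject(start_response, status, message):
        body = json.dumps({"error": message}).encode()
        start_response(status, [("Content-Type", "application/json"),
                                ("Content-Length", str(len(body)))])
        return [body]
```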