It seems currently there is no authorization and I can't figure out how to add authorization cleanly to the SlackRubyBotServer::Api:Endpoints::TeamsEndpoint. So any user, even if I add authentication, can see all the registered teams and post to any of them i.e. update any of them. Is there any recommendation in the community about the best way to do this? Normally I'd add authorization using something like Pundit to replace a call like this:
teams = Team.all
but the only way I can figure out to do that is to replace that endpoint entirely with my own which I would rather not do.
It seems currently there is no authorization and I can't figure out how to add authorization cleanly to the SlackRubyBotServer::Api:Endpoints::TeamsEndpoint. So any user, even if I add authentication, can see all the registered teams and post to any of them i.e. update any of them. Is there any recommendation in the community about the best way to do this? Normally I'd add authorization using something like Pundit to replace a call like this:
teams = Team.all
but the only way I can figure out to do that is to replace that endpoint entirely with my own which I would rather not do.Thanks!