I'm curious about your use of the 'owner' role in the project. Scouring the codebase I have struggled to understand how you are validating the user's ownership of the resources.
For example, here I'd imagine ownership validation occurs and the policy injected into casbin by the resource decorator would matter. But I can't actually find anywhere where it's done...not even in the change-subscription handler.
Am I missing something? Some guidance would be appreciated.
I'm curious about your use of the 'owner' role in the project. Scouring the codebase I have struggled to understand how you are validating the user's ownership of the resources.
For example, here I'd imagine ownership validation occurs and the policy injected into casbin by the resource decorator would matter. But I can't actually find anywhere where it's done...not even in the change-subscription handler.
Am I missing something? Some guidance would be appreciated.