Policies for `create` upsert actions
I have a
Question 1:
When upserting, there is data. Is there a way to authorize that? Maybe I'm relying too heavily on upserts.
Question 2:
In this case, I actually want to do authz that corresponds to the resource's parent's owner. I.e.
User
Site
I want to make it so that only the site's owner can create/upsert pages for that site, which does exist.
Is the solution here to create a generic
create do upsert? true end type of action that I'd like to put a policy on. However, I get a warning that says I can't add policies to create actions, basically because the data doesn't exist yet to be able to authorize against. So this is a two part question.Question 1:
When upserting, there is data. Is there a way to authorize that? Maybe I'm relying too heavily on upserts.
Question 2:
In this case, I actually want to do authz that corresponds to the resource's parent's owner. I.e.
User
has_many SiteSite
has_many PageI want to make it so that only the site's owner can create/upsert pages for that site, which does exist.
Is the solution here to create a generic
add_page action on the Site, and put the policy on that?
