@kgish wrote:
I would like restrict access for editing certain resources to the authors of those items.
A logical place to police such access seems to be within the
willTransitionhook.From the
transitionobject I am able to accesstransition.targetNamewhich is fine, but I require themodel.authorfield of the target route as well in order to decide whether or not thecurrent_useris allowed to proceed.However, it is not very clear to me if the transition object contains this information somewhere (I find the documentation unclear).
Maybe my approach is incorrect and there's another standard more elegant manner to enforce authorization for routes.
Posts: 3
Participants: 2
