Authorization system extensibility #6
Description
Currently the authorization system is incredibly rigid. To make a request require some new sort of authorization you need to create an interface, make the request implement it and then define a MediatR pipeline behavior. That is not a great workflow.
Requirements for a new auth system:
- Flexible (can add auth for new resources fast and easy)
- Resource scoped (not permission scoped like the current one)
- No copy paste admin checks