Chapter 13
Securing Operations with Authorization Rules
Section 2
Applying Method-level Security Controls
How do I write complex authorization rules such as “only the owner can delete an image”?
- Enable method-level security
- Annotate the image creation method with a rule that only lets an image’s owner (or an ADMIN) delete it
- Test this out with different users of varying roles
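The three steps above worked through as an added example (not the course's own code), assuming Spring Security 6 with Spring Boot, since the section does not name the framework; ImageRepository, Image.getOwner() and the test data (image 1 owned by "alice") are hypothetical.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import static org.junit.jupiter.api.Assertions.assertThrows;

@Configuration
@EnableMethodSecurity // step 1: turn on evaluation of @PreAuthorize rules
class MethodSecurityConfig { }

@Service
class ImageService {
    private final ImageRepository images; // hypothetical repository with findById/deleteById
    ImageService(ImageRepository images) { this.images = images; }

    // step 2: the rule is evaluated before the body runs; a failed check throws
    // AccessDeniedException (HTTP 403 at the web layer) and nothing is deleted.
    // #imageId needs parameter names in the bytecode (-parameters, set by Spring Boot's build plugins).
    @PreAuthorize("hasRole('ADMIN') or @imageAuth.isOwner(#imageId, authentication)")
    public void delete(long imageId) { images.deleteById(imageId); }
}

// Named bean the SpEL rule calls so the check can load the image and compare its
// owner to the caller. Unknown ids yield false: a non-owner gets 403 rather than a
// 404 that would reveal whether the id exists.
@Component("imageAuth")
class ImageAuthorization {
    private final ImageRepository images;
    ImageAuthorization(ImageRepository images) { this.images = images; }
    public boolean isOwner(long imageId, Authentication auth) {
        return images.findById(imageId)
                .map(img -> img.getOwner().equals(auth.getName())).orElse(false);
    }
}

// step 3: exercise the rule as owner, stranger and admin (assumes image 1 is owned by "alice")
@SpringBootTest
class ImageDeleteAuthorizationTest {
    @Autowired ImageService service;
    @Test @WithMockUser(username = "alice") void ownerMayDelete() { service.delete(1L); }
    @Test @WithMockUser(username = "bob") void strangerIsDenied() {
        assertThrows(AccessDeniedException.class, () -> service.delete(1L));
    }
    @Test @WithMockUser(username = "carol", roles = "ADMIN") void adminMayDelete() { service.delete(1L); }
}
```

hasRole('ADMIN') matches the ROLE_ADMIN authority, which is exactly what @WithMockUser(roles = "ADMIN") grants, so the admin case passes without the owner lookup ever running.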