I would like restrict access for editing certain resources to the authors of those items.
A logical place to police such access seems to be within the
transition object I am able to access
transition.targetName which is fine, but I require the
model.author field of the target route as well in order to decide whether or not the
current_user is allowed to proceed.
However, it is not very clear to me if the transition object contains this information somewhere (I find the documentation unclear).
Maybe my approach is incorrect and there’s another standard more elegant manner to enforce authorization for routes.