Where should authorization/permissions checks happen?
Hey there
What is generally the preferred place to perform permissions checks? Using meta, within a procedure method, within the definition of the procedure via middleware, or something else?
I initially opted for performing checks within defined procedure methods, but this results in quite a bit of code duplication, so I figure using meta could be better (it does feel intuitive). Yet, this somehow feels non-standard. I haven't seen this before... in an ideal world this permissions object could be passed into a procedure as an arg alongside the handler/method as a kind of augmentation.
Currently, I am exploring the use of meta to do this: