-
paz authored
If we use exceptions for authorization failures, we should do it consistently also for code that checks authorization on its own (not through the controllers). This also paves the way to raise different exceptions (or provide different messages) for different authorization problems.