Thanks for moving the topic!
In if it were about user roles, i’d agree that its an ACL issue. But it’s more about determining at runtime if the resource is authorized or not by executing arbitrary business logic.
I’m not trying to “cheap out of enterprise” here, its just a different usecase.
In essence, can i build a custom resolver for some endpoint that allows me to return whatever the logic determines to be fit for purpose? I have the feeling that @Custom is more appropriate? But thats just a hunch.
Thanks for any input!