id
or role
.createWidget
action. We check to make sure the payload contains a user object and if it does, we make sure to include the user in the generated event.WidgetCreated
event, we store the userId
so we can refer back to it later.updateWidget
action is called, we check to make sure that the caller's id matches the userId
we stored earlier (or if caller is an admin) and if not, we throw an unauthorized
error.