Authorization implement

[phuongvd201]

Description

Currently, the framework does not have an authorized feature. Consider implement it in next milestone. I'll create a PR for that.
...

Environment

• JsonApiDotNetCore Version:
• Other Relevant Package Versions:

[maurei]

Thanks for asking about this. A few weeks ago someone asked about this too in #547.

In a nutshell:

• In v4 Resource Hooks have been introduced, which allows easy execution of business logic in the service layer level without having to override it. This allows for a tailored implementation of authorization.
• v4 is not done yet, but you can get it from nuget as a prelease package.
• Here are the docs for Resource Hooks which contain many examples on how to use it for authorization.
  Warning: docs are a little outdated because they were done for an earlier beta version of resource hooks. Everything on the conceptual level is still accurate, but the method signatures of the hooks are a little different here and there (they should be more intuitive now so shouldn't be a big problem). Refer to this interface of IResourceHookContainer for the current (and probably likely final) version of the hooks API.
• If something isn't conceptually clear on how to use hooks for authorization, let me know and I'll improve the docs :)
• If you decide to use v4, please note that a PR for JsonApiContext should be split into multiple classes for easy testability #504 will be included in the release as well, which will involve a bunch of breaking changes. I'll write instructions on how to upgrade when the time is there

Let me know if you have any more questions.