Protecting Endpoints with a Custom Authorization Policy

At the moment, any authenticated user can update or delete questions. We are going to implement and use a custom authorization policy and use it to enforce that only the author of the question can do these operations.

Steps to implement custom authorization policy

Let's carry out the following steps: