/**
 * Decide whether the current session user may run the requested action on the "todo" resource.
 *
 * Registers the access rules for the resource, then hands the decision to
 * Permission::check() along with the user id, table and record id.
 *
 * @return mixed Whatever Permission::check() returns (presumably a boolean; confirm against Permission).
 */
public function isAuthorized()
{
    $requestedAction = $this->request->param('action');
    $currentRole = Session::getUserRole();
    $resourceName = "todo";

    // Admin rule: '*' is passed as the action list
    // (presumably a wildcard for every action; confirm in Permission::allow).
    Permission::allow('admin', $resourceName, ['*']);

    // User rule: 'delete' is the only action listed, and it carries the 'owner' condition.
    // NOTE(review): no other action is granted to 'user' here; confirm that is intended.
    Permission::allow('user', $resourceName, ['delete'], 'owner');

    // The record id comes from request data, i.e. it is client-supplied. It is only
    // decoded when non-empty; an empty value is forwarded unchanged.
    // NOTE(review): confirm how Encryption::decryptIdWithDash() reports a malformed or
    // tampered id, and that Permission::check() denies when the id is empty or invalid.
    $submittedId = $this->request->data("todo_id");
    $todoId = empty($submittedId) ? $submittedId : Encryption::decryptIdWithDash($submittedId);

    // user_id is taken from the session, not from the request; together with table and id it is
    // presumably what the 'owner' condition is evaluated against (verify in Permission::check).
    return Permission::check($currentRole, $resourceName, $requestedAction, [
        "user_id" => Session::getUserId(),
        "table" => "todo",
        "id" => $todoId,
    ]);
}