What's the best way to handle authorisations with commands? Some users are, for example, not allowed to do certain commands… or can only do commands if they are the owner of this data (aggregate instance). How would you pass this user information/token to the service? As a field of the Command, as metadata of the Command, …? How to implement this authorisation check? As an interceptor or as part of the Command handler?
Same question for queries. What if some users are not allowed to query some data, or should only get partial results? Should this user information/token be part of the Query as a field, metadata, …?