If I am authorizing an user to upload this user can upload image for a resource even if he his not the owner of the resource.
To protect the route I need to add a middleware (and not override the upload route because it’s not like the content api. The route is really complex) to check that the user upload image to a resource that he is owner.
If there is a better solution I will take it.