So we should check the commands first before checking the authorization, after all. I kept going back and forth in my mind about which way was better, but it really didn't matter before this idea came up.
If a command comes in that is tied to any enabled actions, but then the user is not authorized, we can keep a log of that somewhere which will help greatly with troubleshooting. This should be optional because not everybody needs logging, and disabled by default to minimize storage usage and computations (apparently).
So we should check the commands first before checking the authorization, after all. I kept going back and forth in my mind about which way was better, but it really didn't matter before this idea came up.
If a command comes in that is tied to any enabled actions, but then the user is not authorized, we can keep a log of that somewhere which will help greatly with troubleshooting. This should be optional because not everybody needs logging, and disabled by default to minimize storage usage and computations (apparently).