private async Task CheckAuthorizationAsync(Todo todo, CancellationToken cancellationToken)
{
var currentAccount = await accountProvider.GetCurrentAsync(cancellationToken);
if (!todo.CanEdit(currentAccount))
{
throw new UnauthorizedRequestException("Todo can only be renamed by its owner or editors");
}
}
