In the request lifecycle, any error from validation will respond with
400 Bad Request. The problem is loading prerequisites happens much later, and if we’re trying to update a resource that doesn’t exist, we really want
404 Not Found.
We can load the entity in the validation function, but even returning a
404 error object give a
It would also be nice to do some authorization between prerequisites and handlers, but there is no extension point.