In our app which is an iframe app, we need to check if the user has permission to view/edit the item from our backend. We only connect the oauth token of the user who sets up of the app. Is there a way to check if the current app user has authorization to view the item without collecting an oauth token from each user?