Push basis of new API key policy

Will need to revisit this another day when I’m fresh to figure out the
best method to do this.

app/Http/Middleware/HMACAuthorization.php

@@ -92,6 +92,7 @@ class HMACAuthorization
 
         $this->checkBearer();
         $this->validateRequest();
+        $this->validateIPAccess();
         $this->validateContents();
 
         Auth::loginUsingId($this->key()->user_id);
@@ -137,23 +138,6 @@ class HMACAuthorization
         if (! $this->key) {
             throw new AccessDeniedHttpException('Unable to identify requester. Authorization token is invalid.');
         }
-
-        if (empty($this->request()->route()->getName())) {
-            throw new \Exception('Attempting to access un-named route. This should not be possible.');
-        }
-
-        $this->validateIPAccess();
-
-        $query = APIPermission::where('key_id', $this->key()->id)
-            ->where('permission', $this->request()->route()->getName());
-
-        if (starts_with($this->request()->route()->getName(), 'api.user')) {
-            $query->orWhere('permission', 'api.user.*');
-        }
-
-        if (! $query->first()) {
-            throw new AccessDeniedHttpException('You do not have permission to access this resource on the API.');
-        }
     }
 
     /**