We have client-server application. To reduce response time we want to add paging of request. But there is one pitfal - security policy. The visibility of the object and the list of allowed actions are determined by the user's rights, roles, and its belonging to a particular department in the company hierarchy. Of course, this all changes dynamically. Let's say we made a page request from 100 entities. None of them are available to us. Should we return an empty list? Or should we try to request next page automaticaly? What is the best practice for such scenarios?
Aucun commentaire:
Enregistrer un commentaire