Suppose we have a messaging app with a table messages
. This table has an id
as a unique key, the source_id
, the one who wrote the message, the target_id
, the one meant to receive the message and the content
, the actual content of the message.
A user is authorized to access a message if certain conditions are met. For example, a user is able to access a message if user.id === source_id
or user.id === target_id
. But it might be more complex like if the target_id
represents a group which the user is member of.
The messages are too many and we want to load 10 at a time, so we also need a pagination system to fetch 10 messages per call.
What are some good practices to combine the authorization part with the pagination ? Should the "authorization layer" be mixed with the "database layer" ?
Aucun commentaire:
Enregistrer un commentaire