Suppose we have a messaging app with a table messages. This table has an id as a unique key, the source_id, the one who wrote the message, the target_id, the one meant to receive the message and the content, the actual content of the message.
A user is authorized to access a message if certain conditions are met. For example, a user is able to access a message if user.id === source_id or user.id === target_id. But it might be more complex like if the target_id represents a group which the user is member of.
The messages are too many and we want to load 10 at a time, so we also need a pagination system to fetch 10 messages per call.
What are some good practices to combine the authorization part with the pagination ? Should the "authorization layer" be mixed with the "database layer" ?
Aucun commentaire:
Enregistrer un commentaire