Yousef Sultan
06/29/2023, 9:36 AMYousef Sultan
06/29/2023, 9:37 AMread
some article
, then I can only hope my application code makes use of this policy at all everywhere it needs to render an article
Yousef Sultan
06/29/2023, 9:40 AMpost
has `post-comment`s, should `post-comment`s have a separate read
policy than post
? I would say no assuming there's no privacy settings on post-comment
s or so, but then what about the update
policy? Surely `post`'s will be different than post-comment
's because they're of different authors, for one. What does that mean now?
I feel like having a read
policy defined for every single model is going to be a huge burden on the system, at least in terms of network latency, no?
edge case #2
How do you make it consistent when to process the whole collection (i.e. PlanResource) vs. individual objects?
For example it makes sense to check that the principal can read
every post
individually, because they may be able to read some and not others, but it doesn't make sense to check if the user can read every single language name in the languages dropdown individually, as it's extremely unlikely that they could read some language names but not othersYousef Sultan
06/29/2023, 9:42 AM