Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Translate filters, permissions, and pagination to SQL #220

Open
mike-marcacci opened this issue Aug 7, 2020 · 0 comments
Open

Translate filters, permissions, and pagination to SQL #220

mike-marcacci opened this issue Aug 7, 2020 · 0 comments
Assignees
@ebrown32
Labels
packages/authx type:enhancement

Comments

@mike-marcacci
Copy link
Member

Currently, if a user says, “list for me all clients in the system” we:

  1. pull down all clients from the database
  2. filter them based on permissions
  3. filter them based on any user-provided criteria (currently none)
  4. then paginates them

This obviously becomes problematic as the number of entities (clients, in this example) grows. Of course, naively passing through pagination parameters through to the database and filtering the results causes a different set of issues: page size would be highly variable, and we might return a dozen “empty” pages before returning a useful result to the user. And that behavior by itself would actually leak lot about how many clients exist that are hidden from the user.

Instead, we should use parameterized scopes to build permission-based filters at the GraphQL resolver layer, and pass them along with user-provided criteria and pagination data to the model layer and on to the database.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ebrown32 ebrown32

Labels
packages/authx type:enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mike-marcacci @ebrown32