I have a question regarding the design of an ACL check flow. Currently I am saving the object in one table and the associated ACL object, which holds permissions for a given user, in 2 separate tables. To check for permissions I use 1 DB call, where I join both tables and check if a given user has permissions to access a given object. I thought it could be better to outsource the database call and ACL check into 2 different functions, e.g. (pseudocode):

    func getAllObjects(requester_id) {
        // load every object, without any ACL filtering
        objects = getAllObjects()
        results = []
        for each obj in objects {
            // one ACL lookup per object
            ok = checkPermission(obj.id, requester_id, "read")
            if ok {
                add_obj_to_results
            }
        }
        return results
    }

    func checkPermission(object_id, requester_id, required_scopes) {
        // checkACL checks the DB for an ACL with the required permissions for a given user
        ok = checkACL(object_id, requester_id, required_scopes)
        return ok
    }

Is this the right way? What about statements like limit or offset? They probably won't work any more, or? Any best practices about this topic?
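The limit/offset concern raised in the question, as an added example that is not part of the original post: it runs the per-object check over one page of rows and compares the result with the same page taken from a query that joins the ACL table. The schema (tables `objects` and `acl`, their columns), the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions, not from the post.
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE objects (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE acl (object_id INTEGER, user_id INTEGER, scope TEXT);
    """)
    db.executemany("INSERT INTO objects VALUES (?, ?)",
                   [(i, f"obj{i}") for i in range(1, 11)])
    # User 7 may read only the even-numbered objects.
    db.executemany("INSERT INTO acl VALUES (?, 7, 'read')",
                   [(i,) for i in range(2, 11, 2)])
    return db

def check_acl(db, object_id, user_id, scope):
    """Per-object lookup, one extra query per row (the post's checkACL)."""
    row = db.execute(
        "SELECT 1 FROM acl WHERE object_id=? AND user_id=? AND scope=?",
        (object_id, user_id, scope)).fetchone()
    return row is not None

def page_then_filter(db, user_id, limit, offset):
    """The post's loop applied to one page: LIMIT/OFFSET runs before the ACL check."""
    rows = db.execute("SELECT id FROM objects ORDER BY id LIMIT ? OFFSET ?",
                      (limit, offset)).fetchall()
    return [r[0] for r in rows if check_acl(db, r[0], user_id, "read")]

def filter_in_query(db, user_id, limit, offset):
    """ACL join inside the query: LIMIT/OFFSET counts only permitted rows."""
    rows = db.execute(
        """SELECT o.id FROM objects o
           JOIN acl a ON a.object_id = o.id
           WHERE a.user_id = ? AND a.scope = ?
           ORDER BY o.id LIMIT ? OFFSET ?""",
        (user_id, "read", limit, offset)).fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    print("page then filter:", page_then_filter(db, 7, 4, 0))  # short page
    print("filter in query: ", filter_in_query(db, 7, 4, 0))   # full page
```

With a page size of 4, the first variant returns only two objects per page because the denied rows still consume page slots, while the joined query fills each page with permitted rows and uses a single round trip.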