I'm not the project maintainer in any capacity, I'm just throwing this in from a typical web dev's perspective.
Architecturally speaking, validating whether an incoming HTTP Request has the necessary permission to do X is typically done in middlewares of the application before the controller of a given endpoint is even touched. Thus my first instinct would be to warn against granting this ability.
I assume count and sum (and other aggregation procs I'd wager, if there are further ones) have the ability to add conditions solely so that you can filter precisely which entries you count and build sums from. For update, that isn't specifically necessary, as there's one specific entry you want to update with a specific set of values.
Feel free to counter me here, I'm interested whether there's a use case I might be missing for this.
To clarify further:
This is just an example use case, I'm sure there are others that may want to update based on a condition. The reason I'm trying to avoid using middleware to check for permissions in this case is that it will result in two database queries being sent - one for the permissions check, and then one more to actually update the item. When dealing with a networked database (say postgres) where you may not have great latency (i.e. not in the same datacenter), those ms can add up. By avoiding the extra db call, in most cases latency can be cut in half.
Use case here is pretty common, let's say you've got a comment:
I'd like to be able to do something like
It makes it much easier to ensure that updates are only happening to an item that a user owns/created. Right now I'm doing the checking manually, which results in additional select queries. Something similar already exists for count and sum, as they take additional conditions.
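The pattern requested in this thread, as an added example that is not part of the original posts and is not the library's API: it uses Python's `sqlite3` in place of the ORM under discussion to compare a check-then-update flow with a single `UPDATE` whose `WHERE` clause carries the ownership condition. The `comments` table, the `author_id` column and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: two users (100 and 200), one comment each.
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    conn.execute("CREATE TABLE comments ("
                 "id INTEGER PRIMARY KEY, author_id INTEGER NOT NULL, "
                 "body TEXT NOT NULL)")
    conn.executemany("INSERT INTO comments VALUES (?, ?, ?)",
                     [(1, 100, "alice's comment"), (2, 200, "bob's comment")])
    return conn

def update_check_then_write(conn, comment_id, user_id, body):
    """Two round trips: SELECT the owner, then UPDATE by id only."""
    row = conn.execute("SELECT author_id FROM comments WHERE id = ?",
                       (comment_id,)).fetchone()
    if row is None or row[0] != user_id:
        return False
    # Between the SELECT above and this UPDATE the row may have changed;
    # the UPDATE itself no longer enforces ownership.
    conn.execute("UPDATE comments SET body = ? WHERE id = ?",
                 (body, comment_id))
    return True

def update_if_owner(conn, comment_id, user_id, body):
    """One round trip: the ownership condition is part of the UPDATE."""
    cur = conn.execute(
        "UPDATE comments SET body = ? WHERE id = ? AND author_id = ?",
        (body, comment_id, user_id))
    # Zero affected rows means "no such comment" or "not the owner".
    # The caller must treat that as a denial, not assume the write happened.
    return cur.rowcount == 1

def run_traced(fn, *args):
    """Run fn on a fresh database.

    Returns (result, number of SQL statements sent, body of comment 1).
    """
    conn = make_db()
    sent = []
    conn.set_trace_callback(sent.append)
    result = fn(conn, *args)
    conn.set_trace_callback(None)
    body = conn.execute(
        "SELECT body FROM comments WHERE id = 1").fetchone()[0]
    return result, len(sent), body

if __name__ == "__main__":
    print(run_traced(update_check_then_write, 1, 100, "edited"))
    print(run_traced(update_if_owner, 1, 100, "edited"))
    print(run_traced(update_if_owner, 1, 200, "hijack"))
```

The affected-row count is the only signal that the ownership condition matched, and it reads the same for a missing row and a row owned by someone else, so the endpoint can answer both cases identically.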