Good approach for record-level access control? #5508
-
|
Is there a "known good approach" for implementing record level access control for a Hot Chocolate-enabled system based on user and record metadata? We would like to restrict the records returned based on the user's "access control lists" which are stored in another table. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
I think may have the answer to my own question: Looks like it's not Hot Chocolate's scope to do that. I should implement the filtering at the database access level (in my case), so I'd do it in the IQueryable implementation. If I'm misunderstanding something, however, I'd appreciate a redirect. |
Beta Was this translation helpful? Give feedback.
I think may have the answer to my own question: Looks like it's not Hot Chocolate's scope to do that. I should implement the filtering at the database access level (in my case), so I'd do it in the IQueryable implementation. If I'm misunderstanding something, however, I'd appreciate a redirect.