phroggyy
11/22/2021, 2:46 PMcompany->manager
), and another user has been granted access to 3 distinct recruitments, what's a sensible way to list the recruitments a user has access to?
If I want to e.g list 25 records, I can of course retrieve 25, and check if the user can access each individual one, but for the user that has access to 3, it might be that none of the first 25 are accessible, so then I have to retrieve the next 25, for potentially 400 queries. Of course, I can also list a bunch more recruitments and narrow it down, but now I have to deal with a lot of wasted memory. Lastly, I can make my code do multiple checks:
1. Can I "list all recruitments" on the company?
2. If yes, query latest 25 and return ⬛️
3. Query the authorization database "which recruitments do I have direct access to?"
4. Query the recruitments database, only in certain IDs ⬛️
I feel like I'm missing something in my mental model for this – any advice? I think this seems similar to the question @User answered yesterday on resource type vs specific resource, but I'd love some more clarity on it