Currently, if a user says, “list for me all clients in the system” we:
pull down all clients from the database
filter them based on permissions
filter them based on any user-provided criteria (currently none)
then paginate them
This obviously becomes problematic as the number of entities (clients, in this example) grows. Of course, naively passing pagination parameters through to the database and filtering the results causes a different set of issues: page size would be highly variable, and we might return a dozen “empty” pages before returning a useful result to the user. And that behavior by itself would actually leak a lot about how many clients exist that are hidden from the user.
Instead, we should use parameterized scopes to build permission-based filters at the GraphQL resolver layer, and pass them along with user-provided criteria and pagination data to the model layer and on to the database.
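The difference between the two approaches, as an added sketch that is not part of the original issue or the project's code: it uses Python with an in-memory SQLite table, and the `org_ids`/`admin` permission model, the `clients` schema and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: 12 clients; only ids 5, 10, 11, 12 belong to org 2."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (id INTEGER PRIMARY KEY, org_id INTEGER, name TEXT)")
    db.executemany("INSERT INTO clients VALUES (?, ?, ?)",
                   [(i, 2 if i in (5, 10, 11, 12) else 1, f"client-{i}") for i in range(1, 13)])
    return db

def permission_scope(user):
    """Hypothetical resolver-layer helper: turn the user's grants into a
    parameterized WHERE fragment (SQL text plus bound values)."""
    if user.get("admin"):
        return "1 = 1", []
    orgs = list(user.get("org_ids", []))
    if not orgs:
        return "1 = 0", []  # no grants: the scope matches nothing
    marks = ", ".join("?" for _ in orgs)
    return f"org_id IN ({marks})", orgs

def page_naive(db, user, limit, offset):
    """Paginate in the database, then filter by permission in memory.
    Page sizes vary, and empty pages reveal that hidden rows exist."""
    rows = db.execute("SELECT id, org_id, name FROM clients ORDER BY id LIMIT ? OFFSET ?",
                      (limit, offset)).fetchall()
    return [r for r in rows if user.get("admin") or r[1] in user.get("org_ids", [])]

def page_scoped(db, user, limit, offset, name_like=None):
    """Permission scope, user-provided criteria and pagination in one query.
    Only placeholders are interpolated into the SQL; every value is bound."""
    where, params = permission_scope(user)
    if name_like is not None:
        where += " AND name LIKE ?"
        params = params + [name_like]
    sql = f"SELECT id, org_id, name FROM clients WHERE {where} ORDER BY id LIMIT ? OFFSET ?"
    return db.execute(sql, params + [limit, offset]).fetchall()

if __name__ == "__main__":
    db, user = make_db(), {"org_ids": [2]}
    for offset in (0, 3, 6, 9):
        print("naive ", offset, [r[0] for r in page_naive(db, user, 3, offset)])
    for offset in (0, 3):
        print("scoped", offset, [r[0] for r in page_scoped(db, user, 3, offset)])
```

With the scope applied in the query, every page except the last is full, and offsets count only rows the user is allowed to see.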