While hacking together an authorization framework for my web app, I thought a lot of my work would be cut out if by default I applied the following logic. All objects created by a ‘User’ have a parent being the ‘User’. When a query is run to retrieve objects for a view, limit the returned objects by applying the ancestor() property to the Query. This seems, in my head, simple and sensible, and would work in all the cases I can think of. No one else seems to have done it though; am I missing something?
If your aim is to cordon off all the objects that are related to a single account, then you might want to look at the multi-tenancy features, which are designed to do just this.
If your aim is just to have a convenient way to grab everything created by a single user, then we would need to know more about what your app does.
By setting the User as the parent for everything created by that user, you are placing everything related to that user into a single Entity Group, which means that if users in your application frequently need to update each other’s data you might run into issues.
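The scheme from the question and the entity-group point from the answer, as an added example that is not part of the original thread. It is a simplified in-memory model of hierarchical keys, not the Datastore SDK; `Store`, `has_ancestor`, `get_for_user`, `entity_group` and the sample data are assumptions made for illustration.

```python
from typing import Dict, List, Tuple

Key = Tuple[Tuple[str, str], ...]  # path of (kind, id) pairs, root first


def has_ancestor(key: Key, ancestor: Key) -> bool:
    """True when `ancestor` is a proper prefix of `key`'s path."""
    return len(key) > len(ancestor) and key[:len(ancestor)] == ancestor


class Store:
    """Hypothetical stand-in for the datastore, holding entities by key path."""

    def __init__(self) -> None:
        self._rows: Dict[Key, dict] = {}

    def put(self, parent: Key, kind: str, ident: str, data: dict) -> Key:
        key = parent + ((kind, ident),)
        self._rows[key] = data
        return key

    def query(self, kind: str, ancestor: Key) -> List[dict]:
        """Ancestor-limited query: only entities under `ancestor` come back."""
        return [row for key, row in self._rows.items()
                if key[-1][0] == kind and has_ancestor(key, ancestor)]

    def get_for_user(self, key: Key, user: Key) -> dict:
        """A lookup by key is not a query, so the ownership test is explicit."""
        if not has_ancestor(key, user):
            raise PermissionError("key is outside the caller's hierarchy")
        return self._rows[key]


def entity_group(key: Key) -> Key:
    """The root of the path; every entity under one User shares this group."""
    return key[:1]


# Constructed sample data.
store = Store()
alice, bob = (("User", "alice"),), (("User", "bob"),)
a_note = store.put(alice, "Note", "n1", {"text": "alice note"})
a_task = store.put(alice, "Task", "t1", {"text": "alice task"})
b_note = store.put(bob, "Note", "n1", {"text": "bob note"})
```

The ancestor filter only covers queries; any handler that loads an entity from a key supplied by the client needs the same prefix check, which `get_for_user` applies.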