Feature: Relational permission checks #15
Labels
Complexity: SECURITY
This issue involves resolving issues which have security implications on the module or project
Module: API
This issue pertains to the apps/api module
Priority: LOW
This issue isn't critical, security-related, or significantly beneficial to users.
Type: Feature
New feature or request
Permissions currently cannot be based on the state of relations they carry, however it could prove extremely useful. For example, we may only want to allow a User to read
Video
objects which are linked to aProduction
that is public.These sorts of permission checks would require additional database queries to fetch the relations, and may not be so straightforward to implement.
The text was updated successfully, but these errors were encountered: