Hey everyone, we built a second way to check access in your applications: subject-specific access checks.
From now on you can perform access control checks as both resource-specific and subject-specific (data filtering) checks with single API calls.
A simple resource-specific access check takes the form “Can subject U perform action X on resource Y?” A real-world example would be: can user:1 edit document:2, where the right side of the ":" is the identifier of the entity.
A subject-specific access check, on the other hand, takes the form “Which resources can subject U perform action X on?” This option is best for filtering data or bulk permission checks. For example, you list some resources with pagination and want to get the exact list of resources that user:1 can delete on each page.
For this access check you can ask questions in the form of “Which resources can user:X do action Y on?” and you’ll get a SQL query without any conditions (filter, pagination, sorting, etc.) attached to it.
You can add conditions depending on your needs after getting the query response. So if you have a list with pagination, you can add pagination filters to the core SQL query once you get it from our API request.
If you want to learn more about how to use data filtering, check out our docs.
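One way to attach pagination and sorting to the returned core query, as an added example that is not code from this post or the project: the core query string, the `documents` table and all function names are constructed assumptions, since the API response shape is not shown here. The core query is wrapped as a subquery and left unmodified, page values are bound as parameters, and the sort column is checked against an allow-list because column names cannot be bound.

```python
import sqlite3

# Constructed stand-in for the core query returned for
# "Which resources can user:1 delete?" (real response shape is an assumption).
CORE_QUERY = "SELECT id, title FROM documents WHERE owner_id = 1"

# Column names cannot be bound as parameters, so sorting uses an allow-list.
SORTABLE = {"id", "title"}


def paginate(core_query, page, page_size, sort_by="id", descending=False):
    """Wrap the core query and add sorting and pagination without editing it."""
    if sort_by not in SORTABLE:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    if page < 1 or not 1 <= page_size <= 100:
        raise ValueError("page must be >= 1 and page_size between 1 and 100")
    direction = "DESC" if descending else "ASC"
    inner = core_query.rstrip().rstrip(";")
    sql = (
        f"SELECT * FROM ({inner}) AS allowed "
        f"ORDER BY {sort_by} {direction} LIMIT ? OFFSET ?"
    )
    # LIMIT and OFFSET values travel as bound parameters, never as string text.
    return sql, (page_size, (page - 1) * page_size)


def demo_db():
    """Constructed sample data: five documents, three owned by user 1."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT, owner_id INTEGER)"
    )
    db.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [(1, "a", 1), (2, "b", 2), (3, "c", 1), (4, "d", 2), (5, "e", 1)],
    )
    return db


def fetch_page(db, page, page_size, **kw):
    """Run one page of the authorized-resources query."""
    sql, params = paginate(CORE_QUERY, page, page_size, **kw)
    return db.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = demo_db()
    print(fetch_page(db, 1, 2))
    print(fetch_page(db, 2, 2))
```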