Conveniences and Path Variables
Filters can be programmatically applied to path variables. For example, we may have a top-level collection called /agreements which can be filtered by the participating agencies in the /agreement object. I may restrict that list of items with a filter like
In order to restrict a member of Agency 456 from only being able to see their own things, we can create a convenience, or an alias, from
This allows us to restrict access to users based on the with simple pattern matching at the API frontend. If a person is only allowed to see things in /agencies/456/* they will not be able to rewrite their request to /agencies/123/* -- the front end security will block them before they even get to the actual API.
Be sure to see my blog over at Cloudenity. This week's topic:
Identity Isn't Just for Users Anymore