Earlier, I was using FQL through JS Client, was short of time and implemented user specific data in the following way in my JS component:
- Add a “userid” field to the object Schema of collection
- On login, the component obtains and keeps the userid (auth.instance.id)
- When writing objects from the component, always adds this userid property (not visible to the actual App)
- While making index, uses this userid in the Term expression so that only user’s objects are obtained from that index
I had to go this way as I was short of time. But I don’t like the client component being aware of the userid internal and making use of it. It’s a security issue too. The ideal solution will be if the server can automatically deliver objects only belonging to the authenticated user by some trick which can be a combination of UDF, index, etc. The client side App should not even be aware of this processing.
I want to do this in GraphQL. Is that kind of entirely server based solution possible that gives the client a view of authenticated user’s data only? You already have a nice user authentication which is totally server based and configurable as far as collection name,encrypted field names are concerned. I wonder if there is a feature of user specific view too.
Thanks.