Authorized queries & mutations (patch, delete, get)
Hi, me again 
I am looking for a way to authorize, not just authenticate before fetching / removing / patching a single record.
As I understood from the documentation, functions like
I am looking into a way to confirm that the currently logged in user can only do this for records they created / own.
I've come up with a following solution (picture attachment):
I make use of
I am wondering if this is the correct way of doing it + would this be a candidate for an internal function?
Thanks!
I am looking for a way to authorize, not just authenticate before fetching / removing / patching a single record.
As I understood from the documentation, functions like
.get() .patch() .delete().get() .patch() .delete() all take one argument, the id of the record to fetch / modify.I am looking into a way to confirm that the currently logged in user can only do this for records they created / own.
I've come up with a following solution (picture attachment):
I make use of
.query().query(), .withIndex().withIndex() and .unique().unique() to confirm the logged in userId matches record's userId.I am wondering if this is the correct way of doing it + would this be a candidate for an internal function?
Thanks!
