I have an architecture that is similar to the following:
Organizations have one to many users
Organizations have one to many requests
Since my users are a part of an organization, I want them to be able to see all of that organization’s requests in the database, with the only requirement being that the request belongs to that organization. How should I go about doing this with Backendless? Is there a way to use an ACL on the requests table to say any authenticated user who belongs to organization X? Do I need to build a custom role for each organization? Should I just use a REST parameter for the search with some custom business logic before or after the CRUD operation? I am new to Backendless and there seems to be a lot of different ways to do things. Normally if I was creating the API I would have the API filter results based on the requesting user’s organization Id on the server before I sent it back to the client, but I’m not sure if/how to do that in Backendless since I’m pretty new to the platform. Apologies if this has been asked before.
Thanks