Force Relational Query / Disallow user to see other users data


#1

Hey, small question from frontendDev, I know how to ask server about relational queries, but assuming I’m useing angular - user can modify query to see another’s user “todolist”(for example) which I’d like to prevent to. How? :slight_smile:

Example:
User with id:1, have contacts with phone numbers
User with id:2 queries database through api, database returns only contacts with user_id:2 even if he tries to manipulate query, only session allowed to pass id.

If I made something unclear here - ask me please :smile:


#2

ok, I’ve found another topic with explanation