Hey, small question from frontendDev, I know how to ask server about relational queries, but assuming I’m useing angular - user can modify query to see another’s user “todolist”(for example) which I’d like to prevent to. How? 
Example:
User with id:1, have contacts with phone numbers
User with id:2 queries database through api, database returns only contacts with user_id:2 even if he tries to manipulate query, only session allowed to pass id.
If I made something unclear here - ask me please 