I am trying to figure out if there is a way to secure individual documents. Preferably there would be a pre-accept hook that would allow checking if the current user has access to the requested document(s). In a standard web application you may want to have object level permissions, so that only the objects(documents) that a user created can be viewed/deleted by them or administrators of the system. I have looked at the current functionality and have not seen any way to do this transparently, only by adding additional layers to your client/server api code. Am i just missing something or is there no way to do this?
Thanks for all the great work!