Hi, so I have the following situation. I have an index of orders and each order has a locationId associated with it. In my own DB I have a user table and each user has an array of locationIds since they move from location to location every now and then.
I need to lock down the order index so a user can only search within their approved locations. I think that’s simple enough using secure api keys, and generating a new key when the user logs in using the array of locations as the filter properties in the key.
However, a user will only ever be at a single location at a time, so I want to filter the result set even further. This is where I’m wondering if the inheritance will work for the secure api keys.
For example the secure api key would be filtered for results with locationId in [loc1, loc2, loc3].
Could I then add a filter on the front end saying, filter results to only be in loc1? Or would this inheritance be ignored because its the same sort of action, i.e. filter?
Is there a better way to do this?