Hi
Let me preface by saying I’m not a coder. My question is about how to implement permissions in database and editor to improve performance - whether it’s better to only implement read, write and update controls only in database to reduce the logic processing on the front-end while the app is running.
Because I read this on Adalo help docs Collection Permissions - Adalo Resources
“Updating collection permissions is different from just hiding this information from users by using visibility rules. Instead of just hiding the information, the data is not even served to the users device from the database.”
and I don’t know what “Data is not even Served” means 100% clearly. But I currently assume that these records in the collection are not even fetched, so they appear on the ‘Screen’ on the PWA/Native App pre-filtered from the DB.
Since I’ve read many threads on forum which say we should try to minimize filters, minimize number of collections items fetched, and reduce conditional visibility components on screens to improve performance.
Maybe someone technical can explain where the ‘filtering’ delay really happens in Adalo - DB level or in device’s front-end processing.
Let’s take an example of an app I’m working on - a simple app to help users organize their podcast notes. Collections structure is -
- Users
- Podcasts
- Episodes
- Notes
Users have many podcasts → 1:m (all their own, not a global standard podcast library from where users follow or unfollow, in which case it’ll be m:m)
Podcasts have many episodes → 1:m
Episodes have notes : 1:1, but implemented in Adalo as 1:m
I want the User Flow to be Home screen (list of podcasts) → Podcast Screen (list of episodes) → Episode Notes. I could do this in Editor by showing a list of podcasts and filtering by logged in user, then list of episodes filtered by current podcast, and notes filtered by current episode’s notes.
Q1) Would my app be faster if I DON’T implement the filters in the Editor, and just show the lists on screen as is, and implement collections permissions - who has access to view, who has access to create, who has access to update & delete - by selecting ‘Some Logged In Users’ and filtering Users further in that?
Q2) Is there a security risk if I don’t implement filters on both “front-end” and database permission - as in somehow users who should not be seeing other users’ lists will somehow be able (by accessing Deep Links on PWA or otherwise) to see and modify?
Q3) Or is the best approach to implement filters on both collection permission and in the Editor? Sacrifice a little performance for optimal balance with security.
This is a trivial use case, but I’m wondering whether this approach will work for more complex use apps like multi-tenant SaaS, project management tools, etc. and help speed up the performance.
Thanks.
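An added illustration, not part of the original post and not Adalo's actual implementation: a generic model of the distinction the quoted docs draw between hiding records with a screen filter and not serving them at all. The data, the function names and the owner-only rule are constructed assumptions based on the Users → Podcasts structure in the post.

```javascript
// Constructed sample data modelled on the post's Users -> Podcasts collections.
const PODCASTS = [
  { id: 1, ownerId: "alice", title: "Alice's security podcast" },
  { id: 2, ownerId: "alice", title: "Alice's history podcast" },
  { id: 3, ownerId: "bob", title: "Bob's private podcast" },
];

// Hypothetical backend WITHOUT a collection permission: every record is sent,
// and the app relies on the screen's list filter to hide other users' rows.
function serveWithoutPermission(_requestingUserId) {
  return PODCASTS.map((p) => ({ ...p }));
}

// Hypothetical backend WITH an owner-only permission: the check runs
// before anything leaves the database.
function serveWithPermission(requestingUserId) {
  return PODCASTS.filter((p) => p.ownerId === requestingUserId).map((p) => ({ ...p }));
}

// Editor-style list filter: runs on the device, over data already received.
function screenFilter(records, loggedInUserId) {
  return records.filter((p) => p.ownerId === loggedInUserId);
}

// Update guarded by the same owner rule, so knowing a record id
// (for example from a deep link) is not enough to modify it.
function updateTitle(requestingUserId, podcastId, title) {
  const rec = PODCASTS.find((p) => p.id === podcastId);
  if (!rec || rec.ownerId !== requestingUserId) return { ok: false, status: 403 };
  rec.title = title;
  return { ok: true, status: 200 };
}

// Compare what the user sees on screen with what actually reached the device.
function compare(userId) {
  const unprotectedResponse = serveWithoutPermission(userId);
  return {
    shownOnScreen: screenFilter(unprotectedResponse, userId).length,
    sentToDeviceWithoutPermission: unprotectedResponse.length,
    sentToDeviceWithPermission: serveWithPermission(userId).length,
    foreignRowsExposed: unprotectedResponse.filter((p) => p.ownerId !== userId).length,
  };
}

console.log(compare("alice"));
```

In this model the screen looks identical in both cases; the difference is only in the response payload, which is where both the data exposure and the extra transfer size sit.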