The proliferation of various fetching methods and options makes the code unnecessarily fragile.
Some of it is done to manage relationship fetching as required by the projection, but the ACL checks add fetchACLDependencies. This is meant to be an orthogonal operation to the schema-driven fetching, but the relations needed for ACL often overlap with the model data relations.
Another problem with ACL-through-relations is that models fetched into a collection don't share relations, so fairly big objects may end up being repeatedly fetched for each model.
Here's a list of proposed changes:
[ ] Add asynchronous method fetchRelation to BaseModel, to fetch relations on demand. Deprecate access to relations with get. fetchRelations should be implemented in terms of fetchRelation, and may be considered for deprecation together with fetchAll.
[ ] Make ACL checks asynchronous in their most abstract form. Make the method checkAccess return a promise (backwards-compatible variant: come up with a new name and deprecate the current checkAccess, to recycle the name in the next major release), and make all operations use it instead of the synchronous checks. canAccess and getRoles could be retained as simple-to-use overridables for the default synchronous implementation.
[ ] Collection-wide context for sharing data common to all models, such as a parent model for the collection items. Currently meant for ACL, but it could be a general solution for similar needs.
The proliferation of various fetching methods and options makes the code unnecessarily fragile. Some of it is done to manage relationship fetching as required by the projection, but the ACL checks add
fetchACLDependencies. This is meant to be an orthogonal operation to the schema-driven fetching, but the relations needed for ACL often overlap with the model data relations.Another problem with ACL-through-relations is that models fetched into a collection don't share relations, so fairly big objects may end up being repeatedly fetched for each model.
Here's a list of proposed changes:
fetchRelationtoBaseModel, to fetch relations on demand. Deprecate access to relations withget.fetchRelationsshould be implemented in terms offetchRelation, and may be considered for deprecation together withfetchAll.checkAccessreturn a promise (backwards-compatible variant: come up with a new name and deprecate the currentcheckAccess, to recycle the name in the next major release), and make all operations use it instead of the synchronous checks.canAccessandgetRolescould be retained as simple-to-use overridables for the default synchronous implementation.