The last piece of access control API that was not yet modernized (see #445) is size constraints. While it is currently modeled as "offset" and "limit", from the access control perspective I suppose the important part is the max total number of objects returned (so just the "limit").
Let's redesign it to align with other constraint APIs (allow configuration to be done per-stack or per-request; support in AgEntityOverlay and perhaps in some annotations).
The last piece of access control API that was not yet modernized (see #445) is size constraints. While it is currently modeled as "offset" and "limit", from the access control perspective I suppose the important part is the max total number of objects returned (so just the "limit").
Let's redesign it to align with other constraint APIs (allow configuration to be done per-stack or per-request; support in AgEntityOverlay and perhaps in some annotations).