michielbdejong
commented
2 years ago We should really have some access-control-awareness in our code structure. The current code structure with a flat list of commands, each of which just have full access to the database, is a bit crazy. We could set up a separation with something like a Data Access Object where it would be impossible to write a command that exposes data that the currently logged in user does not have access to.
It shouldn't just spit out our entire database, there should obviously be some form of access control :)