How do I filter a remote db query when someone sends an unauthorized select from a browser? I mean I want to check any record permissions with the auth object for any query (i.e permission, membership, ...). Is this currently possible (as built-in feature) or I must build my own logic with the requires method?.
Something like: auth.requires_accessible(<Query object>) I belive the above would have performance issues (I guess auth would need to retrieve the data to perform the checks), but was wondering if there is something already available for the task --
