A basic concept of the Genesis Database is the inheritance of permissions.
Permissions are always based on the main entity being queried. If the query returns an instance, joins of certain references are permitted, while others are not. For an instance which is not returned, no joining is possible, so none of the data referenced from it will be returned.
This is most easily explained with an example. Take a ticketing system: we have tickets with internal comments (visible only to employees) and external comments (visible to employees and the requester).
The two types of comments (internal vs. external) are split into two different entities. Employees get explicit access rights to all three entities (ticket, internal, external), while customers get explicit rights on just two (ticket, external).
The comment entities hold references into the ticket entity, so we know which ticket each comment belongs to.
An employee can list both internal and external comments directly, or join them to the ticket entity.
Customer
ticket queries
A query on ticket may join/prefetch external_comments and return any instances from there which reference tickets the customer has access to, because external_comments is explicitly listed in the universe.
A query joining internal_comment is forbidden because this entity is not listed explicitly in the universe.
external_comment queries
A customer can query external_comment and will get instances according to the ACLs. Join/prefetch of the referenced tickets is also permitted, regardless of the permission on ticket itself.
Note that a join may therefore return instances which a direct listing of that entity would not return.
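The rules above (universe check on the main entity and every join target, ACL filtering only on the main instances, joined rows inheriting permission from them) as an added, self-contained model; this is not Genesis Database code, and the entity layout, the ACL rules, the visible_to field and all rows are constructed for illustration.

```python
# Added example (not Genesis Database code): entity layout, ACL rules and rows are constructed.
# Reference fields: comments point at the ticket they belong to.
REFS = {"ticket": {}, "internal_comment": {"ticket": "ticket"},
        "external_comment": {"ticket": "ticket"}}
# Constructed sample rows.
ROWS = {
    "ticket": [{"id": 1, "requester": "alice"}, {"id": 2, "requester": "bob"}],
    "internal_comment": [{"id": 10, "ticket": 1, "text": "escalate"}],
    "external_comment": [{"id": 20, "ticket": 1, "visible_to": ["alice"]},
                         {"id": 21, "ticket": 1, "visible_to": []},
                         {"id": 22, "ticket": 2, "visible_to": ["alice", "bob"]}],
}
# Explicit entity rights per role: the "universe" a query may touch.
UNIVERSE = {"employee": {"ticket", "internal_comment", "external_comment"},
            "customer": {"ticket", "external_comment"}}

def acl(principal, entity, row):
    """Constructed instance ACL: customers see their own tickets and comments they are listed on."""
    if principal["role"] == "employee":
        return True
    if entity == "ticket":
        return row["requester"] == principal["name"]
    if entity == "external_comment":
        return principal["name"] in row["visible_to"]
    return False

def joined(main, other, row):
    """Rows of `other` linked to `row` of `main` by a reference in either direction."""
    for fld, target in REFS[main].items():
        if target == other:
            return [r for r in ROWS[other] if r["id"] == row[fld]]
    return [r for r in ROWS[other]
            if any(t == main and r[f] == row["id"] for f, t in REFS[other].items())]

def query(principal, main, joins=()):
    """Permission inherits from `main`: its rows are filtered by the ACL, join targets must
    be in the universe, and joined rows are attached without their own ACL being applied."""
    universe = UNIVERSE[principal["role"]]
    for entity in (main, *joins):
        if entity not in universe:
            raise PermissionError(f"{entity} is not in the universe of {principal['role']}")
    result = []
    for row in ROWS[main]:
        if acl(principal, main, row):          # rows not returned get no joins at all
            out = dict(row)
            for j in joins:
                out[j] = joined(main, j, row)
            result.append(out)
    return result
```

Querying external_comment as a customer and joining ticket returns ticket 2 for comment 22, although a plain ticket query for that customer lists only ticket 1.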
