Determining Feed Ownership for Edit/Delete Functionality in a client application
In a feed-based .NET MAUI application with authenticated users, how should ownership of feeds be identified to allow editing and deletion?
1. Should feeds be fetched in two separate requests (one for the logged-in user's feeds and another for all other feeds), then merged client-side with a flag (e.g., Mine = true) to indicate ownership?
2. Alternatively, should all feeds include their ownerId, enabling the client to identify ownership based on the logged-in user's ownerId? Is it secure and appropriate to expose ownerId values to the client in this approach?
3. Fetch feeds with a single API call, but let the server mark ownership before sending the response (e.g., include an isEditable or isOwned property). This combines the best of both?
1. Should feeds be fetched in two separate requests (one for the logged-in user's feeds and another for all other feeds), then merged client-side with a flag (e.g., Mine = true) to indicate ownership?
2. Alternatively, should all feeds include their ownerId, enabling the client to identify ownership based on the logged-in user's ownerId? Is it secure and appropriate to expose ownerId values to the client in this approach?
3. Fetch feeds with a single API call, but let the server mark ownership before sending the response (e.g., include an isEditable or isOwned property). This combines the best of both?
