How do you organise your data structure for a MERN stack application where each organisation's data is separated by locations?

I am trying to build an application whereby data is separated by companies. Within each company, there can be multiple locations that contain different data. Users should be able to view each location's data separately, and I would also like to include user permissions so that only admins can edit data. I don't have a lot of experience working with MongoDB, but I'm trying to use it to gain some experience. What is the best way of structuring this?



Solution 1:[1]

I'm not sure I understand your use case, but maybe:

  1. You could associate each user with a company
  2. Before performing a query, you pass the query through a function, say limitResults()
  3. limitResults(user, query) adds a filter (a WHERE-like clause) to the query to only show data for the company the user is in, unless the user is an admin, in which case it returns the query unchanged so they can see all results.

It may be beneficial for you to read up on the difference between authentication and authorisation. Once you have a system for authenticating someone, you need a system to determine what the person is allowed to do.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 run_the_race
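
The limitResults(user, query) idea from Solution 1, written against MongoDB-style filter objects as an added example (not code from the original answer). The field names `companyId` and `role`, the sample documents, and the small `matches()` helper that stands in for the database are assumptions.

```javascript
// Added example. companyId / role are assumed field names, not from the post.

// Returns a filter scoped to the user's company.
// Admins get the query back unchanged, as the answer describes.
function limitResults(user, query = {}) {
  if (!user) throw new Error('unauthenticated');
  if (user.role === 'admin') return query;
  if (user.companyId === undefined || user.companyId === null) {
    throw new Error('user has no company'); // fail closed, never return unscoped data
  }
  // Wrap in $and so a companyId supplied in the request cannot replace
  // the server-side one (spreading the objects together would allow that).
  return { $and: [{ companyId: user.companyId }, query] };
}

// Minimal stand-in for the database: supports equality and $and only.
function matches(doc, filter) {
  return Object.entries(filter).every(([key, value]) =>
    key === '$and' ? value.every((f) => matches(doc, f)) : doc[key] === value
  );
}

// Constructed sample data: two companies, locations overlap by name.
const SAMPLE_DOCS = [
  { companyId: 'acme', location: 'london', item: 'a' },
  { companyId: 'acme', location: 'paris', item: 'b' },
  { companyId: 'globex', location: 'london', item: 'c' },
];

// Every read goes through limitResults() before it touches the data.
function findFor(user, query) {
  const filter = limitResults(user, query);
  return SAMPLE_DOCS.filter((doc) => matches(doc, filter));
}
```

With Mongoose or the MongoDB driver, the object returned by `limitResults()` would be passed to `find()` in place of the raw request query.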