Allow update and delete to specify a condition

[ajusa]

Use case here is pretty common, let's say you've got a comment:

type Comment = ref object of Model
  text: string
  user: string

I'd like to be able to do something like

dbConn.update(comment, "user = ?", signedInUser)

It makes it much easier to ensure that updates are only happening to an item that a user owns/created. Right now I'm doing the checking manually, which results in additional select queries. Something similar already exists for count and sum, as they take additional conditions.

[PhilippMDoerner]

I'm not the project maintainer in any capacity, I'm just throwing this in from a typical webdevs perspective.

Architecturally speaking, validating whether an incoming HTTP Request has the necessary permission to do X is typically done in middlewares of the application before the controller of a given endpoint is even touched. Thus my first instinct would be to warn against granting this ability.

I assume count and sum (and other aggregatation procs I'd wager, if there are further ones)have the ability to add conditions solely so that you can filter precisely which entries you count and build sums from, for update that isn't specifically necessary as there's one specific entry you want to update with a specific set of values.

Feel free to counter me here, I'm interested whether there's a usecase I might be missing for this.

[ajusa]

To clarify further:
This is just an example use case, I'm sure there are others that may want to update based on a condition. The reason I'm trying to avoid using middleware to check for permissions in this case is that it will result in two database queries being sent - one for the permissions check, and then one more to actually update the item. When dealing with a networked database (say postgres) where you may not have great latency (ie not in the same datacenter), those ms can add up. By avoiding the extra db call, in most cases latency can be cut in half.