Reconcile delegated queries for DAO and DynamicFKAuthorization
There are two facilities which are generally designed to check permissions on related entities:
- In the API layer,
- In the DAO layer,
These originate in somewhat different use-cases, but they generally both need to (a) look at some arbitrary table/entity reference and (b) filter to determine access. There are also some differences (e.g. single-record vs multi-record/batched; read-permission vs write-permission).