// OnFind implements resource.FindEventHandler interface func (a AuthResourceHook) OnFind(ctx context.Context, lookup *resource.Lookup, page, perPage int) error { // Reject unauthorized users user, found := UserFromContext(ctx) if !found { return resource.ErrUnauthorized } // Add a lookup condition to restrict to result on objects owned by this user lookup.AddQuery(schema.Query{ schema.Equal{Field: a.UserField, Value: user.ID}, }) return nil }