Daryle De Silva

Content Whitelist Pattern: Handle Empty Lists with Explicit Intent

Written by

Daryle De Silva

in

📖 1 minute read

When implementing content whitelists with opt-in flags, always handle the empty whitelist case explicitly. An empty whitelist combined with a “whitelist required” flag should return NO results, not bypass the filter.

This pattern prevents accidental data leakage when a partner has whitelist requirements but hasn’t configured items yet. Match your internal reports to your API behavior – if the API returns nothing, the report should too.

if ($partner->getContentWhitelist()->isEmpty()) {
    if ($partner->requiresWhitelist()) {
        // Empty whitelist + requirement = return nothing
        return $query->whereIn('products.id', []);
    }
    // No requirement, skip filtering
    return $query;
}

// Has whitelist items, apply filter
return $query->whereIn(
    'products.id',
    $partner->getContentWhitelist()->pluck('product_id')->toArray()
);

Daryle De Silva

VP of Technology

11+ years building and scaling web applications. Writing about what I learn in the trenches.

Related Articles

Store ACF Field Keys When Using Corcel

If you're using Corcel to manage WordPress content from Laravel, you might notice ACF fields breaking when you create posts…

1 min read

When Filter Logic Doesn’t Match Display Logic

Ever get a bug report that sounds impossible? "I filtered by SGD, but I'm still seeing USD records in the…

3 min read

Feature Flag Implementation Pitfall: When Flags Always Return True

Feature flags are supposed to give you control. Enable a feature for 10% of users, test in production safely, roll…

3 min read

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts