I am reading the documentation and trying to grasp the concepts and I just read through the storage/collections part and it seems user can write objects to collections and create them in the process?
If not, how do you create a collection so users can only write objects in those collections? How do you prevent spam?
Is it the job of the registerBeforeReadStorageObjects hook to filter malicious spammy requests?
Sorry if this isn’t the place for asking this, as I said I am still trying to grasp the basics
edit: I did found this (Heroic Labs Documentation | Server Runtime Examples) example of an auth write and I get it, but for some things that are not meant to be auth written, the client should be able to write stuff… but then how do I limit what/where they can write