Lets assume there's an object A with public read and write both false via ACL. And there's an object B without any ACL.
If a user (who's not related to A or B) queries, the response contains both objects. Complete details of B is fetched whereas only ID, created_at and updated_at is fetched for A.
[{ "id": "obj A's id", "created_at": "...", "updated_at": "..." }, { "id": "obj B's id", "created_at": "...", "update_at": "...", "more" : "data", "user" : [object], . . . }]
My question is, why is even A fetched?