@wohali Yes, that's the basic logic. I think my condition logic is the wrong
way around, because I would say that the `throw` happens if `condition` is
false rather than if condition is true.
```js
if (doc.type === "post") { // i.e., "if <guard condition>"
if (! (doc.author == userCtx.name)) { // i.e., "if not <condition>"
throw("you can't update other users' docs.")
}
}
```
@ermouth I can see that you could combine the guard and the condition into a
single clause quite easily given they are both Mango selectors. I just find
that the logical distinction of "the types of thing this authorisation decision
applies to" (guard) and "the authorisation condition itself" (condition) makes
things more clear.
As to whether `schema` and `authorization` are worthy of separate top-level
concepts when I could see that you're right again that they could be combined
in a kind of guard-condition-action type framework, I'm unsure. Again, it
perhaps helps to separate them from a readability point of view, "here's my
schema check, here's my authorisation check". Unsure.
[ Full content available at: https://github.com/apache/couchdb/issues/1554 ]
This message was relayed via gitbox.apache.org for [email protected]
