> How do you do per-doc or per-attachment ACL? Those are not core CouchDB features.
A _list function checks whether the query has `user` as a first-level key and that it matches the caller. Then the list resends the map result if the user has permissions. So most of the time the CPU serializes, then deserializes, then serializes the map response again. Good when you have tens of users, but fatally expensive when you have hundreds. Also this adds a vulnerability, since you can generate dummy requests that produce an enormous map response. It will spend CPU since we check the ACL after fetching the data, not before. So this approach is useful, but very limited. About attachments: there is no good way except security by obscurity, which is also weird.
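The pattern described above, as an added example that is not code from the reply or from CouchDB itself: a `_list` function that only emits rows whose owner equals the caller, plus a tiny offline harness that emulates the `getRow()`, `send()` and `start()` globals CouchDB injects, so the cost profile (every row fetched, only some returned) can be checked without a server. The `owner` field, the `user` query key and the sample rows are assumptions made for the example.

```javascript
// Added example, not from the original post or the CouchDB project.
// listMine would be stored in a design document as ddoc.lists.mine = listMine.toString()
// and queried as /db/_design/ddoc/_list/mine/<view>?user=<name>.
function listMine(head, req) {
  // CouchDB fills req.userCtx from the session cookie / basic auth.
  var caller = req.userCtx && req.userCtx.name;
  var requested = req.query && req.query.user; // assumed first-level query key
  if (!caller || !requested || caller !== requested) {
    // Deny. Note the view has already been computed and fetched before we get here.
    start({ code: 403, headers: { "Content-Type": "application/json" } });
    send(JSON.stringify({ error: "forbidden", reason: "user must equal caller" }));
    return;
  }
  start({ code: 200, headers: { "Content-Type": "application/json" } });
  send('{"rows":[');
  var row, first = true;
  while ((row = getRow())) {
    // The ACL check happens per row, after the row was fetched and deserialized.
    if (row.value && row.value.owner === caller) {
      send((first ? "" : ",") + JSON.stringify(row));
      first = false;
    }
  }
  send("]}");
}

// Offline harness emulating the globals CouchDB's query server provides.
var _rows, _out, _code;
function getRow() { return _rows.length ? _rows.shift() : null; }
function start(resp) { _code = resp.code; }
function send(chunk) { _out.push(chunk); }

// Runs a list function over constructed view rows; rowsFetched counts the work
// the view did regardless of how many rows survive the ACL filter.
function runList(listFn, rows, req) {
  _rows = rows.slice(); _out = []; _code = 200;
  listFn({ total_rows: rows.length, offset: 0 }, req);
  return { code: _code, body: JSON.parse(_out.join("")), rowsFetched: rows.length };
}

// Constructed sample map output, as a hypothetical by_owner view might emit it.
var SAMPLE_ROWS = [
  { id: "doc1", key: "alice", value: { owner: "alice", title: "a" } },
  { id: "doc2", key: "bob",   value: { owner: "bob",   title: "b" } },
  { id: "doc3", key: "alice", value: { owner: "alice", title: "c" } }
];

function aliceRequest() {
  return runList(listMine, SAMPLE_ROWS,
    { query: { user: "alice" }, userCtx: { name: "alice" } });
}

function bobAskingForAlice() {
  return runList(listMine, SAMPLE_ROWS,
    { query: { user: "alice" }, userCtx: { name: "bob" } });
}
```

`aliceRequest()` returns two rows but `rowsFetched` is 3, and `bobAskingForAlice()` is refused with 403 while `rowsFetched` is still 3: in both cases the view was fully evaluated before the list function could say no, which is the CPU cost the reply is pointing at.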