On Fri, May 25, 2012 at 1:49 PM, Robert Newson <[email protected]> wrote: > I can't think of a solid objection to this idea. The result of a > validate_doc_update can already vary based on the local security > object. Being able to inspect not only the new document, but any other > property of the request seems useful. >
Imo any security things should be distinct from authorization. So someone can also athenticate itself wh We could eventually add some extra data like proposed in my previous mail, but rather I think having a role given to a user depending on its IP would work better. And most of systems are working like this today anyway. - benoit
