datomic

2026-05-25T14:57:25.995069Z

My design for per-principal authorization currently filters the db with (d/filter db principal-allowed?). I plan to stage writes with (d/with db-auth tx). Before actually transacting I want to find any staged datoms that principal-allowed? would reject, so I can catch writes outside the principal’s authorization. What would be the most idiomatic way to do this? What I’m essentially looking for is an efficient way to check: (= (d/with db tx) (d/filter (d/with db tx) principal-allowed?))

favila 2026-05-25T15:01:36.824599Z

With/db returns db-after and tx-data which is exactly what your predicate needs

2026-05-25T15:02:18.854769Z

Yeah I can certainly go through the tx-data, was thinking if there was something declarative.

2026-05-25T15:02:25.993599Z

like: (= (d/with db tx) (d/filter (d/with db tx) principal-allowed?))

2026-05-25T15:02:32.729749Z

guess obviously not

favila 2026-05-25T15:02:42.081399Z

Why would that be more declarative?

favila 2026-05-25T15:04:05.224369Z

(Every? (Partial principal-allowed? Db-after) tx-data)

2026-05-25T15:05:36.373119Z

oh yeah, wow, completely missed that. thanks!

Keith 2026-05-25T15:21:16.090219Z

See also, entity predicates: https://docs.datomic.com/schema/schema-reference.html#entity-predicates

👍 1