My design for per-principal authorization currently filters the db with (d/filter db principal-allowed?). I plan to stage writes with (d/with db-auth tx). Before actually transacting I want to find any staged datoms that principal-allowed? would reject, so I can catch writes outside the principal’s authorization. What would be the most idiomatic way to do this? What I’m essentially looking for is an efficient way to check: (= (d/with db tx) (d/filter (d/with db tx) principal-allowed?))
With/db returns db-after and tx-data, which is exactly what your predicate needs
Yeah I can certainly go through the tx-data, was thinking if there was something declarative.
like: (= (d/with db tx) (d/filter (d/with db tx) principal-allowed?))
guess obviously not
Why would that be more declarative?
(every? (partial principal-allowed? db-after) tx-data)
oh yeah, wow, completely missed that. thanks!
See also, entity predicates: https://docs.datomic.com/schema/schema-reference.html#entity-predicates