-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHECKLIST
27 lines (16 loc) · 937 Bytes
/
CHECKLIST
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Uncertain features:
. Scheduler + userland worker
. Attachment
. populate security model
. restrictedAccess (on collection's schema) is deactivated, should it be removed or refactored?
. 'skip' denial of service possibilities
. 'filter' and 'sort' in query use the collection schema, not the altered one
Refacto:
. Populate should not be done on primary request
--> for single doc, use `document.populate()` afterward, so populate rules and rights are checked before eventually useless DB round-trip
--> for multi docs, use `new Population()`, `document.preparePopulate()` and `world.populate()` afterward, so:
- documents can be filtered out of the batch early (when there is no access granted to them)
- some rules and rights can be checked first before the big `world.populate()`
Misc:
OK change all [element].concat(array) to ES6 [ element , ... array ] (cleaner and faster)
OK remove ownKeys handler in RootsDB