> Can you unpack "access control"? More accurate terms would be ‘userCtx-based query restriction’ and/or ‘userCtx-based query rewrite’.
Assume we have views, that fetch by keys [%username%, startKey]…[%username%, endkey]. Using rewrite we can ensure user won‘t be able to fetch docs he has no rights for. It surely won‘t enable any access control for direct doc and attaches requests, but there are a lot of solution where they are not needed at all. As for JS-induced performance penalties... Well, in CouchDB, where you see term ‘javascript’, you must be ready to these penalties. It‘s inevitable price. > every request needs to be forwarded to a JavaScript Not necesserily. We have rewrite chains, so first hop may be served by classic rewrites list. > regular expression rewrites It gives not much more, then current implementation. I‘d say, it gives even less. ermouth
