Feature: Implement Allowed / Denied list for setting/updating attributes in collections

[frankmayer]

I was thinking of adding an "allowed" or "denied" list of attributes that can be set/updated.

Ideally this is a nestable list, that allows attributes in subdocuments as well.

I'd like your comments and suggestions on this.

Thanks :)

[jsteemann]

What is the intended use case for this? Is it protecting immutable attributes such as _id, _rev and such?

[frankmayer]

It could internally also be used for that, but the use case is, so that we can set specific attributes that we want not to be set/updated. The behavior of this could be blocking the request before it gets to the server in case of such an attempt or silently just not updating the attributes in question. It's like a last security check.

I was about to write this for my project, on top of the driver, but I thought the community could benefit from this. :)

[jsteemann]

Yes, sounds useful. I think the most generic approach will be to allow users to register classes or callbacks that do the validation, maybe together with providing some default validators. Then it will give users ultimate flexibility plus ease of use.

[frankmayer]

Yes, that's what I had in mind, too. I'll try to write something up, this week.

[frankmayer]

This, is something that will be addressed after the split #50