jfoutz

there are at least 2 classes of errors, 1, bad data, likerequest can't be parsed, product id is invalid or something. For public consumption, i'd go with 400 or 404....

Tenant vs TenantID, Requiring a Tenant seems to indicate a select before an update. the Tenant record needs to be populated, then modified based on the query params, then finally...

I don't know your codebase, but i have some guesses about functionality. I'm going to work from the shopify analogy, because that's all i really know. So one approach might...

Yes. that's it exactly. It might be a lot easier to do the row caching trick in Persistent, if you can get a hold of the internal data structure that...

IO makes guarantees. The DSL i'm suggesting would make guarantees, and actually do the work. I'll think about what we might provide to remind people of caching issues. If something...

the handlers run in IO. i'm pretty sure logging is just a fancier form of `lift.lift.putStrLn` there are some questions to answer about how to pass the file handle around,...

So, Servant has some support for different authentication strategies, via that experimental api. I'm hoping to dig into that Wednesday. Authorization is a whole different problem. After authentication, i know...

I'd think of "admin" or "finance-manager" as a role. "view-any-booking" would be a permission, something they're allowed to do. I think we agree, but i might include a "vacation-labs-admin" that...

- Adding a row in the permissions table cannot have any effect till some code is updated to react to that permission, right? Yeah, the permission (as i see it)...

@sudhirvkumar Yes! absoulutely. But if the roles are custom created at runtime things get tricky. Maybe something like ``` newtype Permission = String data Role = Anonymous | Admin |...