Story #1329: ^^^^ Items To Discuss ^^^^
MNAuthorization.isAuthorized() -> assertAuthorized()
Should we change MNAuthorization.isAuthorized() to assertAuthorized()?
The rationale is that calls that start with "is" often return true/false, but this call has "assert" semantics in that it returns an exception if the subject does not have adequate permissions.
The function returns 200 OK for success, so, it's not possible for the call to return "false", like you would expect an "is" function to.
#1 Updated by Rob Nahf almost 11 years ago
Because this method returns NotAuthorized for 2 very different situations (not authorized for the action; subject not having the permission queried for), implementations should be sure to differentiate (with detail code? with description?) how to interpret the situation. For example, a client not authorized to call isAuthorized() due to some underlying certificate management problem, might proceed blindly assuming that all requested permissions are NotAuthorized and take improper action on the results. (Not saying that there is an example at present of this, but the design allows for this confusion).