I have a multi-part, possibly confusing question… it’s been a while
since I’ve dug in to the Authorization bundle, so it’s taking me a bit
to remember how it all works. Bear with me as I struggle to make sense
of my thoughts, here 🙂

The majority of the code that I’m writing in my system uses a call to
the documentSession.IsAllowed method to check and see if the
AuthorizationUser has permissions for the Activity specified. This has
been working wonderfully for us, no problem. I’m expanding my app’s
authorization to make use of tags now and I’m wondering:

Does the documentSession.IsAllowed method account for Tags on document
permissions, role permissions, and user permissions?

For example:

If I have Bob assigned to the Manager role. The Manager role is
assigned a permission to allow a “Review” operation, with a Tag of
“ReadyForReview” on that permission. How do I make a call to
documentSession.isAllowed in a way that verifies that Bob can “Review”
things that are tagged “ReadyForReview” ?

I realize that I may be asking the wrong question and/or looking at
this from the wrong perspective. If I am going about this wrong,
please let me know.

The end goal is really to say “Can Bob review this assignment?” Where
an Assignment is a document in RavenDB that may or may not have a
“ReadyForReview” tag. Bob should only be allowed to review assignments
that have the “ReadyForReview” tag. I would like to have a method that
gives me a boolean value telling me if Bob can review that document.