Ensure requester is allowed to select/update/delete each document

db/create.go

@@ -65,6 +65,10 @@ func executeCreateStatement(ast *sql.CreateStatement) (out []interface{}, err er
 
 func create(txn kvs.TX, doc *item.Doc, ast *sql.CreateStatement) (out interface{}, err error) {
 
+	if !doc.Allow(txn, "create") {
+		return nil, nil
+	}
+
 	if err = doc.Merge(txn, ast.Data); err != nil {
 		return nil, err
 	}

db/delete.go

@@ -67,6 +67,10 @@ func executeDeleteStatement(ast *sql.DeleteStatement) (out []interface{}, err er
 
 func delete(txn kvs.TX, doc *item.Doc, ast *sql.DeleteStatement) (out interface{}, err error) {
 
+	if !doc.Allow(txn, "delete") {
+		return nil, nil
+	}
+
 	if !doc.Check(txn, ast.Cond) {
 		return nil, nil
 	}

db/modify.go

@@ -53,6 +53,10 @@ func executeModifyStatement(ast *sql.ModifyStatement) (out []interface{}, err er
 
 func modify(txn kvs.TX, doc *item.Doc, ast *sql.ModifyStatement) (out interface{}, err error) {
 
+	if !doc.Allow(txn, "modify") {
+		return nil, nil
+	}
+
 	if !doc.Check(txn, ast.Cond) {
 		return nil, nil
 	}

db/select.go

@@ -16,6 +16,7 @@ package db
 
 import (
 	"github.com/abcum/surreal/sql"
+	"github.com/abcum/surreal/util/data"
 )
 
 func executeSelectStatement(ast *sql.SelectStatement) (out []interface{}, err error) {
@@ -26,7 +27,7 @@ func executeSelectStatement(ast *sql.SelectStatement) (out []interface{}, err er
 
 		out = append(out, map[string]interface{}{
 			"key": string(kv.Key()),
-			"val": string(kv.Val()),
+			"val": data.NewFromPACK(kv.Val()).Data(),
 		})
 	}
 

db/update.go

@@ -67,6 +67,10 @@ func executeUpdateStatement(ast *sql.UpdateStatement) (out []interface{}, err er
 
 func update(txn kvs.TX, doc *item.Doc, ast *sql.UpdateStatement) (out interface{}, err error) {
 
+	if !doc.Allow(txn, "update") {
+		return nil, nil
+	}
+
 	if !doc.Check(txn, ast.Cond) {
 		return nil, nil
 	}