My team is trying to work out how to separate N1QL read queries from write queries, as our system is permission-based and not all users that can input queries should be able to perform writes.
The docs haven’t been much help on this. So far we’ve only found one way to do this with the SDK: marking queries as read-only for users who don’t have write permissions. This way the server will reject a query if it tries to write on DB.
I feel this is insufficient. We’d like to know when we first receive the query from the user if it’s going to write so we can handle it appropriately even without actually querying the cluster. Furthermore, I feel “readonly” was intended as a performance optimization, not an access control, as that’s the only use the docs mention.
Does any SDK class actually parse the query? Is this functionality exposed somewhere? Is there any way to retrieve this information? If the answer is no, we will probably just use readonly, because mantaining our own N1QL parser seems pretty overkill.
tl;dr any way to tell from Java code if a N1QL query is “read” or “write”?