Right now if I define a policy that allows a principal to

read

some

article

, then I can only hope my application code makes use of this policy at all everywhere it needs to render an

article

I also noticed two related edge cases: edge case #1 if a

post

has `post-comment`s, should `post-comment`s have a separate

read

policy than

post

? I would say no assuming there's no privacy settings on

post-comment

s or so, but then what about the

update

policy? Surely `post`'s will be different than

post-comment

's because they're of different authors, for one. What does that mean now? I feel like having a

read

policy defined for every single model is going to be a huge burden on the system, at least in terms of network latency, no? edge case #2 How do you make it consistent when to process the whole collection (i.e. PlanResource) vs. individual objects? For example it makes sense to check that the principal can

read

every

post

individually, because they may be able to read some and not others, but it doesn't make sense to check if the user can read every single language name in the languages dropdown individually, as it's extremely unlikely that they could read some language names but not others

Like right now it's a complete mess how the application code is using Cerbos, and the lack of TypeScript types makes it even worse as the app code will send data and only hope that's sufficient for Cerbos to make a decision