fix(#210): allowed value log in response policy evaluation

[fredmaggiowski]

Allowed documentation states:

Allowed is a helper method that'll return true if all of these conditions hold: - the result set only has one element - there is only one expression in the result set's only element - that expression has the value true - there are no bindings.

If bindings are present, this will yield false: it would be a pitfall to return true for a query like data.authz.allow = x, which always has result set element with value true, but could also have a binding x: false.

Since the policy is actually returning the new body it is expected to return a single expression with value different from true

To verify:

• policy failure logs false
• differentiate somehow between Evaluation for response and evaluation for request; maybe replicate the Allowed function but with a type assertion on boolean expression

Note:

The verifyAllowed function is supposed to be an internal utility only for logging purposes; I would not use it to decide what to return since it is too lax, I'd still rely on the results.Allowed func for that until a better solution is found.

[coveralls]

Pull Request Test Coverage Report for Build 5403545644

• 1 of 1 (100.0%) changed or added relevant line in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 84.363%

---

Totals
Change from base Build 5401248238:	0.0%
Covered Lines:	1775
Relevant Lines:	2104

---

💛 - Coveralls

[davidebianchi]

LGTM

[fredmaggiowski]

LGTM

Please review it again, it wasn't complete and actually bugged