From aaaa28d56916696abbd358637e3f35e254116e4e Mon Sep 17 00:00:00 2001
From: Raymond Feng
Date: Wed, 19 Mar 2014 16:24:50 -0700
Subject: [PATCH] Add more comments
---
 lib/models/acl.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/models/acl.js b/lib/models/acl.js
index 6a155f9a..d7f18b6f 100644
--- a/lib/models/acl.js
+++ b/lib/models/acl.js
@@ -138,7 +138,12 @@ ACL.getMatchingScore = function getMatchingScore(rule, req) {
 }
 }
- // Weigh agaist the principal type
+ // Weigh against the principal type into 4 levels
+ // - user level (explicitly allow/deny a given user)
+ // - app level (explicitly allow/deny a given app)
+ // - role level (role based authorization)
+ // - other
+ // user > app > role > ...
 score = score * 4;
 switch(rule.principalType) {
 case ACL.USER:
@@ -155,6 +160,7 @@ ACL.getMatchingScore = function getMatchingScore(rule, req) {
 }
 // Weigh against the roles
+ // everyone < authenticated/unauthenticated < related < owner < ...
 score = score * 8;
 if(rule.principalType === ACL.ROLE) {
 switch(rule.principalId) {
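Review bot: The ordering line `// user > app > role > ...` ends in an ellipsis although the list directly above it names the fourth level as "other", so the comment leaves open whether anything else ranks below role; `// user > app > role > other` would match the list. The role comment in the second hunk has the same problem: `< owner < ...` implies that some role outranks owner without naming it. In an ACL resolver this precedence decides which allow/deny rule wins, so the comment should either name that role or drop the ellipsis. Neither comment explains the multipliers `4` and `8`; a line such as `// shift the score so the principal-type weight outranks everything added after it` would help, though this reading is inferred, since the case bodies and the rest of getMatchingScore lie outside both hunks.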