check if: if any one of those fails, the entire authorization fails
allow if/deny if: they are tried in order, we stop at the first that matches. If an allow if matches and all checks passed, then the request is authorized
Im not trying to be annoying but I still don’t get it. It might be easier for me with some examples. I’m sure when folks start using this, it’ll be more clear.