couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Joseph Davis (JIRA)" <j...@apache.org>
Subject [jira] Commented: (COUCHDB-442) Add a "view" or "format" function to process source doc on query
Date Wed, 29 Jul 2009 18:40:14 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12736743#action_12736743
] 

Paul Joseph Davis commented on COUCHDB-442:
-------------------------------------------

Still not convinced. I'm basically reading this as an argument for adding some special code
for making list and show functions not be tied to the underlying document or view which should
be more than reasonable. include_docs=true would definitely need to respect ACL's of any sort,
and it should do that with a trivial patch if it doesn't do it already.

The example for emit(key, sanitize(doc)) is lost on me. If you have a view, and want the user
to have access to extra information in the doc when reading that view, just include it in
the view and use whatever access control we might have in place for reading views.

And lastly, If you're data is 95% public then I'd start suggesting that you might want to
consider two databases, one for the private and one for public. The only analogy that I can
think of is trying to keep water in a colander, you can try and plug every hole or turn off
the tap. I'm a turn off the tap kind of guy.

> Add a "view" or "format" function to process source doc on query
> ----------------------------------------------------------------
>
>                 Key: COUCHDB-442
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-442
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: JavaScript View Server
>            Reporter: Curt Arnold
>
> It is common practice to emit pairs like {key, null} and then query with ?include_docs=true
to retrieve the documents that were responsible for the entries.  However, the full document
may include information that is privileged or the full document may be substantially larger
than the information needed to be transferred to the client.
> The proposed enhancement is to allow defining a "view" function in addition to the existing
"map" and "reduce" on a view.  If specified, the view function would take the id, key, value
and doc and return a JSON value that would be added as the "view" member to the row in the
result set.
> One of the use cases on http://wiki.apache.org/couchdb/Authentication_and_Authorization
is to be able to specify that a user can retrieve the values from a view, but not add include_docs
since that may expose information that they are not authorized to view.  Without the "view"
function, there would be pressure to start pushing things into the emitted value.
> Production of views would be likely controlled using a include_views=true in the query
string.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message