Return-Path: Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: (qmail 55253 invoked from network); 7 Oct 2009 09:07:40 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 7 Oct 2009 09:07:40 -0000 Received: (qmail 46357 invoked by uid 500); 7 Oct 2009 09:07:39 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 46275 invoked by uid 500); 7 Oct 2009 09:07:39 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 46263 invoked by uid 99); 7 Oct 2009 09:07:39 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Oct 2009 09:07:39 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of jason@jasondavies.com designates 89.145.97.179 as permitted sender) Received: from [89.145.97.179] (HELO www1.netspade.com) (89.145.97.179) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Oct 2009 09:07:28 +0000 Received: from jddavies.gotadsl.co.uk ([82.133.112.184] helo=[10.0.1.2]) by www1.netspade.com with esmtpa (Exim 4.69) (envelope-from ) id 1MvSUE-0006mG-S0 for dev@couchdb.apache.org; Wed, 07 Oct 2009 09:07:07 +0000 Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes Mime-Version: 1.0 (Apple Message framework v1076) From: Jason Davies In-Reply-To: <4AC50402.6090805@canonical.com> Date: Wed, 7 Oct 2009 10:07:02 +0100 Content-Transfer-Encoding: 7bit Message-Id: References: <4AC50402.6090805@canonical.com> To: dev@couchdb.apache.org X-Mailer: Apple Mail (2.1076) X-SA-Exim-Connect-IP: 82.133.112.184 X-SA-Exim-Mail-From: jason@jasondavies.com X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on www1.netspade.com X-Spam-Level: Subject: Re: Validation functions and design documents X-SA-Exim-Version: 4.2.1 (built Sat, 01 Aug 2009 12:09:26 +0000) X-SA-Exim-Scanned: Yes (on www1.netspade.com) X-Virus-Checked: Checked by ClamAV on apache.org X-Old-Spam-Status: No, score=-4.5 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.5 Hi Eric, On 1 Oct 2009, at 20:33, eric casteleijn wrote: > I was unpleasantly surprised today when I tried to implement a > rather critical piece of our infrastructure: the validation to > prevent replication of certain design documents which are run on our > server node(s). It appears that validation functions don't get > called at all when a design document is updated. I used the logging > example from the book: > > http://books.couchdb.org/relax/reference/security#Update%20Validations%20Again > > and this logs an entry for each update to a regular document, but is > eerily silent on updates to design documents. > > Is there maybe a switch I can turn on in the .ini file, or a > different kind of validator I can use for this purpose? This is correct, validation functions don't appear to get called for design docs, instead there is a check to see whether the user is an admin or not. I would imagine calling the validation function when the user *isn't* an admin would be a good idea. As the validation functions can't mutate docs, this shouldn't cause any problems. Does anyone else have any comments? The only problem might be that this would allow design docs to be written by non-admins by default. Perhaps a .ini flag validate_design_docs = true could be used to turn on this behaviour? Cheers, -- Jason Davies www.jasondavies.com