couchdb-dev mailing list archives

From Fedor Indutny <fedor.indu...@gmail.com>
Subject Re: Access validation for docs and views
Date Tue, 09 Nov 2010 10:50:08 GMT
I think we must discuss here, whether we can bypass this access limitation
or not.
If we can - this access limitation is useless, if not - we definitely must
review it and think about adding this to couchdb.

2010/11/9 Fedor Indutny <fedor.indutny@gmail.com>

> So I'm extending my proposal with this example:
>
> Big company's people are stored in couchdb (200 - 400 people), with
> "salary" field.
> You may create views that will show total salary or salary of each
> developers group, while not permitting to access individual salary.
> My proposal: limiting views and docs separately.
>
> 2010/11/9 Fedor Indutny <fedor.indutny@gmail.com>
>
>> Yes, sorry it was not clear, but it's exactly like you're saying.
>>
>> So my proposal is:
>> Add *validate_doc_view* function in _design documents with arguments like
>> *doc, userCtx, req*.
>> Add *validate_view_access* function into _design/views/view_name with
>> arguments like *req, userCtx*.
>>
>> Example:
>> http://indutny.couchone.com/_utils/document.html?access_proposal/_design/test (admin
>> party is here, so feel free to try anything).
>>
>> So you can throw {forbidden: "some text"} in any of these callbacks if
>> the user has no access to an item.
>>
>> Also for views, you can limit access to specific range for user (like in
>> example).
>>
>> 2010/11/9 Bram Neijt <bneijt@gmail.com>
>>
>>> I think I'm missing a part of this.
>>>
>>> If you want a user to see only part of the document, would you not
>>> create a view that only emits parts of the document?
>>>
>>> I'm new at this, so could you write up a usage example for me?
>>>
>>> Greets,
>>>
>>> Bram
>>>
>>> On Mon, Nov 8, 2010 at 5:34 PM, Fedor Indutny <fedor.indutny@gmail.com>
>>> wrote:
>>> > Hi everyone!
>>> >
>>> > You've discussed earlier the possibility of adding access validators to
>>> > _design documents; this feature is the kind of thing that many couchdb
>>> > users will be glad to see.
>>> > The conclusion of the previous discussion was that we can't add these
>>> > validators, because we actually won't be able to tell later whether the
>>> > user can access _design/view or not.
>>> >
>>> > What if we could add *validate_view_access* to the _design document?
>>> > It's not only a fix for the problem I've mentioned above, but also a
>>> > feature:
>>> > You'll be able to allow a user to access only the view, without having
>>> > access to the full document.
>>> > So, for example, views could show only the *title* field of a document,
>>> > while the *price* field will be hidden in the document itself.
>>> >
>>> > What do you think?
>>> >
>>> > --
>>> > (Node.js, Ruby, Python, PHP developer)
>>> > Fedor Indutny
>>> >
>>>
>>
>>
>>
>> --
>> Fedor Indutny
>>
>
>
>
> --
> Fedor Indutny
>



-- 
Fedor Indutny
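
The proposal in this thread, sketched as an added example that is not part of the original message or of CouchDB: `validate_doc_view` and `validate_view_access` are the callbacks proposed above, not a shipped API. The dispatch helpers (`guarded`, `readDoc`, `queryGroupTotals`), the role names, the `group` field and the sample data are assumptions made for illustration.

```javascript
// validate_doc_view / validate_view_access are the callbacks PROPOSED in this
// thread, not a shipped CouchDB API. Roles, "group" and helpers are hypothetical.
const ddoc = {
  // Proposed per-document read check: (doc, userCtx, req)
  validate_doc_view(doc, userCtx, req) {
    if (doc.type === "person" && !userCtx.roles.includes("hr")) {
      throw { forbidden: "individual salary records are restricted" };
    }
  },
  views: {
    salary_by_group: {
      // Proposed per-view check: (req, userCtx). Non-HR users may query
      // only the key range that covers their own group.
      validate_view_access(req, userCtx) {
        const q = req.query || {};
        const own = typeof userCtx.group === "string" &&
          q.startkey === userCtx.group && q.endkey === userCtx.group;
        if (!userCtx.roles.includes("hr") && !own) {
          throw { forbidden: "view range limited to own group" };
        }
      },
    },
  },
};

// Constructed sample data.
const docs = [
  { _id: "p1", type: "person", group: "db", salary: 100 },
  { _id: "p2", type: "person", group: "db", salary: 120 },
  { _id: "p3", type: "person", group: "ui", salary: 90 },
];

// Hypothetical server-side dispatch: run the check first and fail closed on
// anything it throws, including errors other than {forbidden: ...}.
function guarded(check, respond) {
  try { check(); } catch (e) { return { status: 403, error: (e && e.forbidden) || "forbidden" }; }
  return { status: 200, body: respond() };
}
function readDoc(id, userCtx) {
  const doc = docs.find((d) => d._id === id);
  return guarded(() => ddoc.validate_doc_view(doc, userCtx, { id }), () => doc);
}
function queryGroupTotals(req, userCtx) {
  const { startkey: lo, endkey: hi } = req.query || {};
  const inRange = (d) => (lo === undefined || d.group >= lo) && (hi === undefined || d.group <= hi);
  return guarded(() => ddoc.views.salary_by_group.validate_view_access(req, userCtx), () =>
    docs.filter(inRange).reduce((t, d) => ({ ...t, [d.group]: (t[d.group] || 0) + d.salary }), {}));
}
```

With this data, a non-HR user in group `db` gets the group total from the view but a 403 for any individual document, for an unbounded view query, and for another group's range.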
