couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fedor Indutny <fedor.indu...@gmail.com>
Subject Re: Access validation for docs and views
Date Tue, 09 Nov 2010 02:33:05 GMT
Yes, sorry it was not clear, but it's exactly like you're saying.

So my proposal is:
Add *validate_doc_view* function in _design documents with arguments like *doc,
userCtx, req*.
Add *validate_view_access* function into _design/views/view_name with
arguments like *req, userCtx*.

Example:
http://indutny.couchone.com/_utils/document.html?access_proposal/_design/test
(admin
party is here, so feel free to try anything).

So you can throw {forbidden: "some text"} in any of this callbacks, if user
have no access to item.

Also for views, you can limit access to specific range for user (like in
example).

2010/11/9 Bram Neijt <bneijt@gmail.com>

> I think I'm missing a part of this.
>
> If you want a user to see only part of the document, would you not
> create a view that only emits parts of the document?
>
> I'm new at this, so could you write up an usage example for me?
>
> Greets,
>
> Bram
>
> On Mon, Nov 8, 2010 at 5:34 PM, Fedor Indutny <fedor.indutny@gmail.com>
> wrote:
> > Hi everyone!
> >
> > You've discussed earlier possibility of adding access validators to
> _design
> > documents, this feature it's a kind of thing that many couchdb users will
> be
> > glad to see.
> > The conclusion of previous discussion was that we can't add this
> validators,
> > because we actually won't be able to tell later, whether user can access
> > _design/view or not.
> >
> > What if we could add *validate_view_**access *to _design document?
> > It's not only fix of problem, I've mentioned above, but also a feature:
> > You'll be able to allow user to access only view, without having an
> access
> > to a full document.
> > So, for example, views could show only *title* field of document, while *
> > price* field will be hidden in a document itself.
> >
> > What do you think?
> >
> > --
> > (Node.js, Ruby, Python, PHP developer)
> > Fedor Indutny
> >
>



-- 
Fedor Indutny

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message