couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fedor Indutny <fedor.indu...@gmail.com>
Subject Re: Access validation for docs and views
Date Tue, 09 Nov 2010 10:48:22 GMT
So I'm extending my proposal with this example:

Big company's people are stored in couchdb (200 - 400 people), with "salary"
field.
You may create views that will show total salary or salary of each
developers group, while not permitting to access individual salary.
My proposal: limiting views and docs separately.

2010/11/9 Fedor Indutny <fedor.indutny@gmail.com>

> Yes, sorry it was not clear, but it's exactly like you're saying.
>
> So my proposal is:
> Add *validate_doc_view* function in _design documents with arguments like
> *doc, userCtx, req*.
> Add *validate_view_access* function into _design/views/view_name with
> arguments like *req, userCtx*.
>
> Example:
> http://indutny.couchone.com/_utils/document.html?access_proposal/_design/test (admin
> party is here, so feel free to try anything).
>
> So you can throw {forbidden: "some text"} in any of this callbacks, if user
> have no access to item.
>
> Also for views, you can limit access to specific range for user (like in
> example).
>
> 2010/11/9 Bram Neijt <bneijt@gmail.com>
>
> I think I'm missing a part of this.
>>
>> If you want a user to see only part of the document, would you not
>> create a view that only emits parts of the document?
>>
>> I'm new at this, so could you write up an usage example for me?
>>
>> Greets,
>>
>> Bram
>>
>> On Mon, Nov 8, 2010 at 5:34 PM, Fedor Indutny <fedor.indutny@gmail.com>
>> wrote:
>> > Hi everyone!
>> >
>> > You've discussed earlier possibility of adding access validators to
>> _design
>> > documents, this feature it's a kind of thing that many couchdb users
>> will be
>> > glad to see.
>> > The conclusion of previous discussion was that we can't add this
>> validators,
>> > because we actually won't be able to tell later, whether user can access
>> > _design/view or not.
>> >
>> > What if we could add *validate_view_**access *to _design document?
>> > It's not only fix of problem, I've mentioned above, but also a feature:
>> > You'll be able to allow user to access only view, without having an
>> access
>> > to a full document.
>> > So, for example, views could show only *title* field of document, while
>> *
>> > price* field will be hidden in a document itself.
>> >
>> > What do you think?
>> >
>> > --
>> > (Node.js, Ruby, Python, PHP developer)
>> > Fedor Indutny
>> >
>>
>
>
>
> --
> Fedor Indutny
>



-- 
Fedor Indutny

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message