couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: Per Document Filtering/Authorization
Date Fri, 03 Dec 2010 06:37:22 GMT
On Fri, Dec 3, 2010 at 5:31 AM, David Pratt <fairwinds.dp@gmail.com> wrote:
> Hi Randall. Am not opposed to this either, however we are currently
> two dbs with _users at present and see per document authorization as
> an opportunity to extend current authorization policy.
>
> If not a separate db, can you elaborate on your ideas and how you
> would reconcile with _users with roles, and with Admins and Readers
> groups. What sort of mechanism are you suggesting?
>
> On Fri, Dec 3, 2010 at 12:42 AM, Randall Leeds <randall.leeds@gmail.com> wrote:
>> A separate database is a bad idea IMHO. Whatever solution to
>> per-document filtering we come up with should allow for the
>> CouchApp-style database-as-application paradigm where one expects to
>> get a fully working application by replicating a single db.
>

I was thinking auth could be done as document level while maintening
users in a db. A db could have metadata like owner,  readers and
writers. Tnen the main problem to solve is in views. But in the
hypothesis, the docs know who are their users, you can do the same and
put auth to a  design document and restrict access to a group of views
defined on a design doc.  Last problem to solve is the all_docs, but I
guess it could be replaced with a view if needed.

- benoit

Mime
View raw message