couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Coombes <kevin.r.coom...@gmail.com>
Subject Re: doc permission mask proposal
Date Thu, 28 Apr 2011 01:49:28 GMT


On 4/27/2011 5:48 PM, Jan Lehnardt wrote:
> On 27 Apr 2011, at 15:43, Randall Leeds wrote:
>
>> On Wed, Apr 27, 2011 at 15:30, Jan Lehnardt<jan@apache.org>  wrote:
>>> On 27 Apr 2011, at 14:56, Kevin R. Coombes wrote:
>>>
>>>> So it would be possible to have access to a view that allows you see a doc
that you don't have permission to see? Or am I misinterpreting something?
>>> That was my question, but Benoit basically said "no". His approach is to disallow
access of a view that is defined in a design document that you have no permission to read.
>>>
>>> Cheers
>>> Jan
>> I think the answer is actually "yes". If you can see the design
>> document you can see everything the view emits, even if it came from a
>> document you can't view.
> Hm, I was thinking that the view updater would match the design doc acl against the doc
acl when the view is created and exclude it if it doesn't match up for reads.
>
> Cheers
> Jan
I think the real question is whether this puts the burden on the writer 
of the view (to make sure that he doesn't emit a document that should be 
protected) or whether Benoit's plan implies that the couch server would 
enforce the protections for you which is what I think your answer implies).

Mime
View raw message