couchdb-dev mailing list archives

From Randall Leeds <randall.le...@gmail.com>
Subject Re: doc permission mask proposal
Date Wed, 27 Apr 2011 22:43:41 GMT
On Wed, Apr 27, 2011 at 15:30, Jan Lehnardt <jan@apache.org> wrote:
>
> On 27 Apr 2011, at 14:56, Kevin R. Coombes wrote:
>
>> So it would be possible to have access to a view that allows you to see a doc that you don't have permission to see? Or am I misinterpreting something?
>
> That was my question, but Benoit basically said "no". His approach is to disallow access of a view that is defined in a design document that you have no permission to read.
>
> Cheers
> Jan

I think the answer is actually "yes". If you can see the design
document you can see everything the view emits, even if it came from a
document you can't view.

> --
>
>>
>> On 4/27/2011 4:43 PM, Benoit Chesneau wrote:
>>> On Wed, Apr 27, 2011 at 11:33 PM, Jan Lehnardt<jan@apache.org>  wrote:
>>>> On 27 Apr 2011, at 03:36, Benoit Chesneau wrote:
>>>>
>>>>> I'm thinking to add simple permissions handling to a doc by using
>>>>> _uid, _gid, _mod members to a doc where members are defined like this:
>>>>>
>>>>> _uid: user owning the doc
>>>>> _gid: group owning the doc
>>>>> _mod: octal number, doc mode bits corresponding to chmod(1) values.
>>>>>
>>>>> By doing this and if enabled in settings we could do simple acl
>>>>> handling like a file system when getting doc. access to views would be
>>>>> handled by the access to the design doc containing them.
>>>>>
>>>>> thoughts?
>>>> http://mail-archives.apache.org/mod_mbox/couchdb-dev/201010.mbox/%3cC4B01815-5A28-4E5F-975D-70344B7570EC@apache.org%3e
>>>>
>>>> How does this address the issue where a reduced value doesn't have an ACL associated with it?
>>>>
>>>> Cheers
>>>> Jan
>>>> --
>>> you can't access the view or reduce if you don't have access to the
>>> design doc in my design. So we don't try to check permissions for each
>>> docs.
>>>
>>> - benoît
>
>
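
The gap discussed in this thread, as an added example that is not part of the original messages and not CouchDB code: a minimal model of the proposed `_uid`/`_gid`/`_mod` read check with view access gated only by the design doc. The function names, the `perRowCheck` option, the numeric `_mod` encoding and the sample documents are all assumptions made for illustration.

```javascript
// Added illustration, not CouchDB code. Assumed semantics: _mod carries
// chmod(1)-style owner/group/other bits and the read bit is 4.
function canRead(user, doc) {
  const shift = user.name === doc._uid ? 6
              : user.groups.includes(doc._gid) ? 3 : 0;
  return ((doc._mod >> shift) & 4) !== 0;
}

// Constructed sample data: two salary docs readable only by owner and "hr",
// and a design doc that is world-readable (0o644).
const db = {
  "_design/payroll": { _uid: "alice", _gid: "hr", _mod: 0o644,
    map: (doc, emit) => { if (doc.salary) emit(doc.dept, doc.salary); } },
  "emp-1": { _uid: "alice", _gid: "hr", _mod: 0o640, dept: "eng", salary: 100 },
  "emp-2": { _uid: "alice", _gid: "hr", _mod: 0o640, dept: "eng", salary: 120 },
};

// The index is built once for all users, as a view index is shared.
function buildIndex(ddocId) {
  const rows = [];
  for (const [id, doc] of Object.entries(db)) {
    if (id.startsWith("_design/")) continue;
    db[ddocId].map(doc, (key, value) => rows.push({ id, key, value }));
  }
  return { rows, reduced: rows.reduce((sum, r) => sum + r.value, 0) };
}

function getDoc(user, id) {
  if (!canRead(user, db[id])) throw new Error("forbidden: " + id);
  return db[id];
}

// Proposed rule: one check on the design doc, none on the source docs.
// perRowCheck is a hypothetical stricter variant that filters map rows by
// the ACL of the doc that emitted them.
function queryView(user, ddocId, { reduce = false, perRowCheck = false } = {}) {
  getDoc(user, ddocId);
  const index = buildIndex(ddocId);
  if (reduce) return index.reduced; // one value, no source doc id to check
  return perRowCheck ? index.rows.filter(r => canRead(user, db[r.id]))
                     : index.rows;
}

const bob = { name: "bob", groups: ["staff"] }; // constructed user, not in "hr"
```

In this model `bob` is refused both salary docs directly, yet the design-doc-only rule returns both emitted rows to him, and even the per-row variant still hands back the reduced total because a reduced value has no single source doc to check.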
