couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: doc permission mask proposal
Date Wed, 27 Apr 2011 22:30:30 GMT

On 27 Apr 2011, at 14:56, Kevin R. Coombes wrote:

> So it would be possible to have access to a view that allows you see a doc that you don't
have permission to see? Or am I misinterpreting something?

That was my question, but Benoit basically said "no". His approach is to disallow access of
a view that is defined in a design document that you have no permission to read.

Cheers
Jan
-- 

> 
> On 4/27/2011 4:43 PM, Benoit Chesneau wrote:
>> On Wed, Apr 27, 2011 at 11:33 PM, Jan Lehnardt<jan@apache.org>  wrote:
>>> On 27 Apr 2011, at 03:36, Benoit Chesneau wrote:
>>> 
>>>> I'm thinking to add simple permissions handling to a doc by using
>>>> _uid, _gid, _mod members to a doc where members are defined like this:
>>>> 
>>>> _uid: user owning the doc
>>>> _gid: group owning the doc
>>>> _mod: octal number, doc mode bits corresponding to chmod(1) values.
>>>> 
>>>> By doing this and if enable in settings we could do simple acl
>>>> handling like a file system when getting doc. access to views would be
>>>> handled by the access to the design doc containing them.
>>>> 
>>>> thoughts?
>>> http://mail-archives.apache.org/mod_mbox/couchdb-dev/201010.mbox/%3cC4B01815-5A28-4E5F-975D-70344B7570EC@apache.org%3e
>>> 
>>> How does this address the issue where a reduced value doesn't have an ACL associated
with it?
>>> 
>>> Cheers
>>> Jan
>>> --
>> you can't access to the view or reduce if yu don't have access to the
>> design doc in my design. So we don't try to check permissions for each
>> docs.
>> 
>> - benoƮt


Mime
View raw message