Message-ID: <4DB8910F.2070008@gmail.com>
Date: Wed, 27 Apr 2011 16:56:31 -0500
From: "Kevin R. Coombes"
Organization: UT M.D. Anderson Cancer Center
To: dev@couchdb.apache.org
CC: Benoit Chesneau
Subject: Re: doc permission mask proposal

So it would be possible to have access to a view that allows you to see a doc
that you don't have permission to see? Or am I misinterpreting something?

On 4/27/2011 4:43 PM, Benoit Chesneau wrote:
> On Wed, Apr 27, 2011 at 11:33 PM, Jan Lehnardt wrote:
>> On 27 Apr 2011, at 03:36, Benoit Chesneau wrote:
>>
>>> I'm thinking of adding simple permissions handling to a doc by using
>>> _uid, _gid, _mod members to a doc where members are defined like this:
>>>
>>> _uid: user owning the doc
>>> _gid: group owning the doc
>>> _mod: octal number, doc mode bits corresponding to chmod(1) values.
>>>
>>> By doing this and if enabled in settings we could do simple acl
>>> handling like a file system when getting doc. Access to views would be
>>> handled by the access to the design doc containing them.
>>>
>>> thoughts?
>> http://mail-archives.apache.org/mod_mbox/couchdb-dev/201010.mbox/%3cC4B01815-5A28-4E5F-975D-70344B7570EC@apache.org%3e
>>
>> How does this address the issue where a reduced value doesn't have an ACL associated with it?
>>
>> Cheers
>> Jan
>> --
> you can't access the view or reduce if you don't have access to the
> design doc in my design. So we don't try to check permissions for each
> doc.
>
> - benoît
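
The per-document check and the design-doc-gated view check discussed in this thread, as an added JavaScript illustration that is not part of the original messages and is not CouchDB code. It assumes `_mod` is stored as an octal string and evaluated Unix-style (owner, then group, then other); `canRead`, `getDoc`, `queryView` and the sample documents are hypothetical.

```javascript
// Added illustration of the proposal; names and data are constructed.
const READ = 4;

// Unix-style evaluation (assumption): the first matching class decides.
function canRead(doc, user) {
  const mode = parseInt(doc._mod, 8);            // "640" -> 0o640
  if (Number.isNaN(mode)) return false;           // fail closed on a bad mask
  let shift = 0;                                  // "other" bits by default
  if (user.name === doc._uid) shift = 6;          // owner bits
  else if (user.groups.includes(doc._gid)) shift = 3; // group bits
  return ((mode >> shift) & READ) !== 0;
}

// Direct fetch: the mask of the requested document is checked.
function getDoc(db, id, user) {
  const doc = db[id];
  return doc && canRead(doc, user) ? doc : null;
}

// View query as described in the thread: only the design doc's mask is
// checked; emitted rows are not filtered by the source documents' masks.
function queryView(db, ddocId, viewName, user) {
  const ddoc = db[ddocId];
  if (!ddoc || !canRead(ddoc, user)) return null;
  const view = ddoc.views && ddoc.views[viewName];
  if (!view) return null;
  const rows = [];
  const emit = (key, value) => rows.push({ key, value });
  for (const doc of Object.values(db)) {
    if (!doc._id.startsWith("_design/")) view.map(doc, emit);
  }
  return rows;
}

// Constructed sample database.
const db = {
  "_design/reports": {
    _id: "_design/reports", _uid: "admin", _gid: "staff", _mod: "644",
    views: { salaries: { map: (doc, emit) => emit(doc._id, doc.salary) } },
  },
  "emp-1": { _id: "emp-1", _uid: "alice", _gid: "hr", _mod: "640", salary: 100 },
};
const bob = { name: "bob", groups: ["staff"] };

console.log(getDoc(db, "emp-1", bob));                          // direct read
console.log(queryView(db, "_design/reports", "salaries", bob)); // view rows
```

With this data the direct fetch is refused while the view still returns a value derived from the same document, which is the situation the question at the top of this message asks about.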