couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Randall Leeds (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-1155) Etag send by list function does not depend on userCtx
Date Mon, 16 May 2011 20:56:48 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13034304#comment-13034304
] 

Randall Leeds commented on COUCHDB-1155:
----------------------------------------

Looking at the wiki: http://wiki.apache.org/couchdb/Formatting_with_Show_and_List#ETags
It seems as though it's the roles that affect the etag. The documentation only mentions _show,
but perhaps _list behaves the same way. Can you verify this?
If the whole user context is available to the list function then I think it's a fair argument
that more than just roles should affect the etag.

Although, I wonder if it's actually more correct to let the function generate the etag itself
(or leave it off if it wants).
After all, there's no requirement that a _list or _show be deterministic, so how should CouchDB
know what etag to send?

I'd love some input from the community and devs on this one, but lets try not to bikeshed
toooo much. :-P

> Etag send by list function does not depend on userCtx
> -----------------------------------------------------
>
>                 Key: COUCHDB-1155
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1155
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 1.0.2
>            Reporter: Johannes J. Schmidt
>
> List functions should send a different Etag when requested by different users.
> The following curl session shows identical Etags for different users. CouchDB must not
be in admin party mode.
> PROTOCOL=http
> DOMAIN="127.0.0.1:5984"
> DB=testdb
> # admin credentials for db creation
> ADMIN=admin:secure
> # this user must have an empty roles array
> USER=user:secure
> curl -XDELETE $PROTOCOL://$ADMIN@$DOMAIN/$DB
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/foo -d '{"count":1}'
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/_design/foo -d '{ "views": { "bar": { "map":
"function(doc) { emit(doc._id, null); }" } }, "lists": { "bar": "function(head, req) { return
req.userCtx.name || \"anonymous\" }" }}'
> curl -s $PROTOCOL://$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
> curl -s $PROTOCOL://$USER@$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
> #=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
> #=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
> This issue is important for standalone CouchDB applications which use list functions
depending on the user context, eg. showing a login button or username.
> regards
> Johannes
> PS: I tried to write a javascript test case but this issue can only be reproduced if
the server is not in admin party mode, which the test suite requires. I am not so familar
with those tests to temporarily change the admin party.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message