couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noah Slater (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-1155) Etag send by list function does not depend on userCtx
Date Thu, 26 May 2011 20:16:48 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13039899#comment-13039899
] 

Noah Slater commented on COUCHDB-1155:
--------------------------------------

I was stung by this today. I'm trying to build a CouchApp, but instead of building the page
with client-side JavaScript, I am doing it all using shows and list functions. The first hurdle
I ran into while implementing an authentication system was that the parts of the template
that indicate whether you are logged in or not would fail to update. Turns out that CouchDB
is caching the results of these functions, across sessions. So, I am +1 on updating Etag calculation
depending on authenticated user, as well as roles. Until this is implemented I will have to
use the unique role per user bodge. 

> Etag send by list function does not depend on userCtx
> -----------------------------------------------------
>
>                 Key: COUCHDB-1155
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1155
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 1.0.2
>            Reporter: Johannes J. Schmidt
>
> List functions should send a different Etag when requested by different users.
> The following curl session shows identical Etags for different users. CouchDB must not
be in admin party mode.
> PROTOCOL=http
> DOMAIN="127.0.0.1:5984"
> DB=testdb
> # admin credentials for db creation
> ADMIN=admin:secure
> # this user must have an empty roles array
> USER=user:secure
> curl -XDELETE $PROTOCOL://$ADMIN@$DOMAIN/$DB
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/foo -d '{"count":1}'
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/_design/foo -d '{ "views": { "bar": { "map":
"function(doc) { emit(doc._id, null); }" } }, "lists": { "bar": "function(head, req) { return
req.userCtx.name || \"anonymous\" }" }}'
> curl -s $PROTOCOL://$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
> curl -s $PROTOCOL://$USER@$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
> #=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
> #=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
> This issue is important for standalone CouchDB applications which use list functions
depending on the user context, eg. showing a login button or username.
> regards
> Johannes
> PS: I tried to write a javascript test case but this issue can only be reproduced if
the server is not in admin party mode, which the test suite requires. I am not so familar
with those tests to temporarily change the admin party.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message