couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject proposal: Using the db hooks in other databases
Date Wed, 04 Jan 2012 09:52:36 GMT
Hi all,

Following is a quick proposal to implement support of hooks to other
databases. Let me know what you think about it. I would be be happy to
start the work on that.

- benoƮt


# Using the db hooks in other databases

## Definitons

Hooks
  `before_doc_update` & `after_doc_read` functions that could be
associated to a db object.

Db
  abbreviation of database.

## Goal

Today the db hooks are only used in the `_users` & `_replicator` dbs. It
would be good to generalize them to other dbs. Ie. an admin should be
abble to add these functions on any created dbs.

## Possible solutions

### In the design documents

We could like the validate_doc_update function, add such function to any
design documents. Function would be :


    function before_doc_update(Doc, UserCtx, SecObj) {

    }


    function after_doc_read(Doc, UserCtx, SecObj) {

    }


Then this functions will be processed in a loop. Processed functions
could return:

- `true` if nothing is changed
- a new doc or the doc  object
- an error witch will be raised.


While the `after_read_doc` coulc return


### In the security object.

Historically the `validate_doc_update` function is in the the design
document. But such functions could also be in the security object. The
above solution has the advantage to not change the way couchdb already
work.


## Optimisations

- on_changes & all_docs hooks. Actually these hooks are hardcoded in
  couch. We should change that to allow anyone to build its own security
system.

- If in JS, such functions should support the commonjs `require`
  feature.


## Example

### Dropbox

One usecase of such feature would allows to easily add a dropbox feature
to couch. In tis scenarion any user can drop a document, but only admins
can read it. It could be done by these functions:


    function after_doc_read(Doc, UserCtx, SecObj) {
        if (userCtx.roles.find("_admin") == -1)
            return {"forbidden": "you don't can't read docs in this
db"};
        }
    }

Here we also need an `on_all_docs` function:

    function on_all_docs(UserCtx, SecObjc) {
        if (userCtx.roles.find("_admin") == -1)
            return {"forbidden": "you don't can't read docs in this
db"};
        }
    }


and an `on_changes` function:

    function on_all_docs(UserCtx, SecObjc) {
        if (userCtx.roles.find("_admin") == -1)
            return {"forbidden": "you don't can't read docs in this
db"};
        }
    }

> **Note:** These functions could of course be in Erlang.

Mime
View raw message