couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randall Leeds <randall.le...@gmail.com>
Subject Re: [VOTE] Apache CouchDB 1.2.0 release, first round
Date Sat, 11 Feb 2012 21:04:26 GMT
Huh...

On Feb 10, 2012 7:01 PM, "Jason Smith" <jhs@iriscouch.com> wrote:
>
> On Sat, Feb 11, 2012 at 3:06 AM, Randall Leeds <randall.leeds@gmail.com>
wrote:
> > On Feb 9, 2012 6:09 PM, "Randall Leeds" <randall.leeds@gmail.com> wrote:
> >>
> >> On Thu, Feb 9, 2012 at 17:48, Jason Smith <jhs@iriscouch.com> wrote:
> >> > Hi, Noah. When I saw it hit Git, I realized it was a breaking change,
> >> > and I asked around. If memory serves, Randall happened to be on at
the
> >> > time and he asked me the same question you just did. I said I never
> >> > saw an RFC email and that's when he realized it was not done
publicly.
> >>
> >> I was aware the entire time, but I think the motivation is sound and
> >> it needed to be done. A couple committers spoke up to say we didn't
> >> think it was sensitive enough to warrant the private discussion but
> >> ultimately there was broad consensus on the implementation and the
> >> change itself. One of those (let us all celebrate) extremely rare
> >> times where there wasn't opportunity for broad community input.
> >>
> >> Creating a view on _users that pulls the relevant parts of a user
> >> document out is the way forward for public profiles, I think.
> >> If someone would write a blog post showing how that works it'd be
> >> great. In retrospect this would have been a great thing to do weeks
> >> ago. Lesson learned.
> >
> > Just to be clear I don't want to dismiss your concerns. If you believe
this
> > needs a config option rather than just documentation now is a good time
to
> > speak up loudly since the vote was aborted.
>
> Thanks. I am concerned. To me, the change is noteworthy but not a
showstopper.
>
> I tested your suggestion, however I do not think it is possible.
> Non-admins cannot access a view.

That's news to me. I didn't catch that before. Is this necessary for any
reason? Shouldn't the design actions themselves enforce whatever they need
to?

>
> $ curlp http://admin:admin@localhost:5984/_users/_design/public -d
> '{"views":{"all":{"map":"function(doc) { emit(doc._id, doc) }"}}}'
>
{"ok":true,"id":"_design/public","rev":"1-f605d1ea7825645132f54a91a76a1ddc"}
>
> $ curl -i http://user:user@localhost:5984/_users/_design/public/_view/all
> HTTP/1.1 403 Forbidden
> Server: CouchDB/1.2.0 (Erlang OTP/R15B)
> Date: Sat, 11 Feb 2012 02:57:43 GMT
> Content-Type: text/plain; charset=utf-8
> Content-Length: 102
> Cache-Control: must-revalidate
>
> {"error":"forbidden","reason":"Only admins can access design document
> actions for system databases."}
>
> --
> Iris Couch

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message