couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: [VOTE] Apache CouchDB 1.2.0 release, first round
Date Sat, 11 Feb 2012 10:44:34 GMT
On Sat, Feb 11, 2012 at 4:00 AM, Jason Smith <jhs@iriscouch.com> wrote:
> On Sat, Feb 11, 2012 at 3:06 AM, Randall Leeds <randall.leeds@gmail.com> wrote:
>> On Feb 9, 2012 6:09 PM, "Randall Leeds" <randall.leeds@gmail.com> wrote:
>>>
>>> On Thu, Feb 9, 2012 at 17:48, Jason Smith <jhs@iriscouch.com> wrote:
>>> > Hi, Noah. When I saw it hit Git, I realized it was a breaking change,
>>> > and I asked around. If memory serves, Randall happened to be on at the
>>> > time and he asked me the same question you just did. I said I never
>>> > saw an RFC email and that's when he realized it was not done publicly.
>>>
>>> I was aware the entire time, but I think the motivation is sound and
>>> it needed to be done. A couple committers spoke up to say we didn't
>>> think it was sensitive enough to warrant the private discussion but
>>> ultimately there was broad consensus on the implementation and the
>>> change itself. One of those (let us all celebrate) extremely rare
>>> times where there wasn't opportunity for broad community input.
>>>
>>> Creating a view on _users that pulls the relevant parts of a user
>>> document out is the way forward for public profiles, I think.
>>> If someone would write a blog post showing how that works it'd be
>>> great. In retrospect this would have been a great thing to do weeks
>>> ago. Lesson learned.
>>
>> Just to be clear I don't want to dismiss your concerns. If you believe this
>> needs a config option rather than just documentation now is a good time to
>> speak up loudly since the vote was aborted.
>
> Thanks. I am concerned. To me, the change is noteworthy but not a showstopper.
>
> I tested your suggestion, however I do not think it is possible.
> Non-admins cannot access a view.
>
> $ curlp http://admin:admin@localhost:5984/_users/_design/public -d
> '{"views":{"all":{"map":"function(doc) { emit(doc._id, doc) }"}}}'
> {"ok":true,"id":"_design/public","rev":"1-f605d1ea7825645132f54a91a76a1ddc"}
>
> $ curl -i http://user:user@localhost:5984/_users/_design/public/_view/all
> HTTP/1.1 403 Forbidden
> Server: CouchDB/1.2.0 (Erlang OTP/R15B)
> Date: Sat, 11 Feb 2012 02:57:43 GMT
> Content-Type: text/plain; charset=utf-8
> Content-Length: 102
> Cache-Control: must-revalidate
>
> {"error":"forbidden","reason":"Only admins can access design document
> actions for system databases."}
>
Yes that's by design.

- benoƮt

Mime
View raw message