couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <...@iriscouch.com>
Subject Re: [VOTE] Apache CouchDB 1.2.0 release, first round
Date Sun, 12 Feb 2012 02:11:19 GMT
It would require further modifying the new "system database"
implementation, effectively to allow me to view (1) my document only,
and (2) not any other documents, UNLESS, (3) it is a design document
and I am hitting a view.

This is a security-sensitvie piece of code and not something to be rushed.

Finally, there is the question of community buy-in.

On Sun, Feb 12, 2012 at 9:00 AM, Noah Slater <nslater@tumbolia.org> wrote:
> How quickly could we get it in? Hours, days?
>
> On Sun, Feb 12, 2012 at 1:47 AM, Jason Smith <jhs@iriscouch.com> wrote:
>
>> Hi, Jason. Excellent idea! However I wouldn't say that is a blocker
>> for 1.2.0 either. It could go in 1.2.1.
>>
>> On Sun, Feb 12, 2012 at 8:45 AM, Jason Smith <jhs@iriscouch.com> wrote:
>> > Since _users is the only database of this kind (_replicator uses a
>> > different policy, right?) I agree with you. _design/_auth should have
>> > a view that everyone can access. I'm unsure but at the moment I'm
>> > thinking a view that you can simply activate via Futon.
>> >
>> > function(doc) {
>> >  // User-serviceable code
>> >  var enabled = false // Set to true to reveal usernames
>> >  var whitelist = [] // Add keys to reveal here.
>> >
>> >  // Not user-serviceable code
>> >  if(!enabled)
>> >    return
>> >
>> >  var val = {}
>> >  whitelist.forEach(function(key) {
>> >    if(key in doc)
>> >      val[key] = doc[key]
>> >  })
>> >
>> >  emit(doc._id, val)
>> > }
>>
>> --
>> Iris Couch
>>



-- 
Iris Couch

Mime
View raw message