couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <...@iriscouch.com>
Subject Re: [VOTE] Apache CouchDB 1.2.0 release, first round
Date Sun, 12 Feb 2012 01:45:42 GMT
On Sun, Feb 12, 2012 at 4:04 AM, Randall Leeds <randall.leeds@gmail.com> wrote:
> Huh...
>
> On Feb 10, 2012 7:01 PM, "Jason Smith" <jhs@iriscouch.com> wrote:
>>
>> On Sat, Feb 11, 2012 at 3:06 AM, Randall Leeds <randall.leeds@gmail.com>
> wrote:
>> > On Feb 9, 2012 6:09 PM, "Randall Leeds" <randall.leeds@gmail.com> wrote:
>> >>
>> >> On Thu, Feb 9, 2012 at 17:48, Jason Smith <jhs@iriscouch.com> wrote:
>> >> > Hi, Noah. When I saw it hit Git, I realized it was a breaking change,
>> >> > and I asked around. If memory serves, Randall happened to be on at
> the
>> >> > time and he asked me the same question you just did. I said I never
>> >> > saw an RFC email and that's when he realized it was not done
> publicly.
>> >>
>> >> I was aware the entire time, but I think the motivation is sound and
>> >> it needed to be done. A couple committers spoke up to say we didn't
>> >> think it was sensitive enough to warrant the private discussion but
>> >> ultimately there was broad consensus on the implementation and the
>> >> change itself. One of those (let us all celebrate) extremely rare
>> >> times where there wasn't opportunity for broad community input.
>> >>
>> >> Creating a view on _users that pulls the relevant parts of a user
>> >> document out is the way forward for public profiles, I think.
>> >> If someone would write a blog post showing how that works it'd be
>> >> great. In retrospect this would have been a great thing to do weeks
>> >> ago. Lesson learned.
>> >
>> > Just to be clear I don't want to dismiss your concerns. If you believe
> this
>> > needs a config option rather than just documentation now is a good time
> to
>> > speak up loudly since the vote was aborted.
>>
>> Thanks. I am concerned. To me, the change is noteworthy but not a
> showstopper.
>>
>> I tested your suggestion, however I do not think it is possible.
>> Non-admins cannot access a view.
>
> That's news to me. I didn't catch that before. Is this necessary for any
> reason? Shouldn't the design actions themselves enforce whatever they need
> to?

Since _users is the only database of this kind (_replicator uses a
different policy, right?) I agree with you. _design/_auth should have
a view that everyone can access. I'm unsure but at the moment I'm
thinking a view that you can simply activate via Futon.

function(doc) {
  // User-serviceable code
  var enabled = false // Set to true to reveal usernames
  var whitelist = [] // Add keys to reveal here.

  // Not user-serviceable code
  if(!enabled)
    return

  var val = {}
  whitelist.forEach(function(key) {
    if(key in doc)
      val[key] = doc[key]
  })

  emit(doc._id, val)
}

-- 
Iris Couch

Mime
View raw message