couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <>
Subject Re: [VOTE] Apache CouchDB 1.2.0 release, first round
Date Sat, 11 Feb 2012 03:00:37 GMT
On Sat, Feb 11, 2012 at 3:06 AM, Randall Leeds <> wrote:
> On Feb 9, 2012 6:09 PM, "Randall Leeds" <> wrote:
>> On Thu, Feb 9, 2012 at 17:48, Jason Smith <> wrote:
>> > Hi, Noah. When I saw it hit Git, I realized it was a breaking change,
>> > and I asked around. If memory serves, Randall happened to be on at the
>> > time and he asked me the same question you just did. I said I never
>> > saw an RFC email and that's when he realized it was not done publicly.
>> I was aware the entire time, but I think the motivation is sound and
>> it needed to be done. A couple committers spoke up to say we didn't
>> think it was sensitive enough to warrant the private discussion but
>> ultimately there was broad consensus on the implementation and the
>> change itself. One of those (let us all celebrate) extremely rare
>> times where there wasn't opportunity for broad community input.
>> Creating a view on _users that pulls the relevant parts of a user
>> document out is the way forward for public profiles, I think.
>> If someone would write a blog post showing how that works it'd be
>> great. In retrospect this would have been a great thing to do weeks
>> ago. Lesson learned.
> Just to be clear I don't want to dismiss your concerns. If you believe this
> needs a config option rather than just documentation now is a good time to
> speak up loudly since the vote was aborted.

Thanks. I am concerned. To me, the change is noteworthy but not a showstopper.

I tested your suggestion, however I do not think it is possible.
Non-admins cannot access a view.

$ curlp http://admin:admin@localhost:5984/_users/_design/public -d
'{"views":{"all":{"map":"function(doc) { emit(doc._id, doc) }"}}}'

$ curl -i http://user:user@localhost:5984/_users/_design/public/_view/all
HTTP/1.1 403 Forbidden
Server: CouchDB/1.2.0 (Erlang OTP/R15B)
Date: Sat, 11 Feb 2012 02:57:43 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 102
Cache-Control: must-revalidate

{"error":"forbidden","reason":"Only admins can access design document
actions for system databases."}

Iris Couch

View raw message