couchdb-dev mailing list archives

From Robert Samuel Newson <rnew...@apache.org>
Subject Re: Capturing UserCtx automatically
Date Wed, 19 Feb 2014 12:01:36 GMT

You could ensure all replications use a userCtx that has a role you don’t grant to any other
user. If userCtx.roles contains it, you just "return;"

Conversely, you could give all your users a particular role that you test for. If userCtx.roles
contains it, you apply all the auditing checks.

B.


On 19 Feb 2014, at 10:42, Alexander Shorin <kxepal@gmail.com> wrote:

> On Wed, Feb 19, 2014 at 2:24 PM, Robert Samuel Newson
> <rnewson@apache.org> wrote:
>> function (newDoc, oldDoc, userCtx) { // validate_doc_update; CouchDB passes newDoc first
>> 
>>  if (newDoc.audit_trail[0].user != userCtx.name) {
>>    throw({forbidden: "You didn’t add your name to the audit trail!"});
>>  }
>>  …
>> }
> 
> There is one issue with such an approach: replications. You will not be
> able to replicate documents which have a different username in
> audit_trail from the one who runs the replication. Or, to be more
> detailed, you'll replicate all documents fine until the design document
> which brings this validation function to your database, and after that
> you'll only be able to store documents which match the replication's user.
> 
> --
> ,,,^..^,,,
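
The role-based bypass suggested in the reply above, combined with the audit-trail check from the quoted message, as an added example that is not code from the thread or from the CouchDB project. The role name `audit_exempt_replicator`, the `check` helper and the sample documents are assumptions constructed for illustration; in a design document the validator body would be stored as an anonymous function under `validate_doc_update`.

```javascript
// Hypothetical role, granted only to the account that replications run as.
var REPLICATOR_ROLE = "audit_exempt_replicator";

// CouchDB calls validate_doc_update with (newDoc, oldDoc, userCtx, secObj).
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  var roles = (userCtx && userCtx.roles) || [];

  // Replication writes documents authored by other users, so their audit
  // entries will not name the replicating account. Skip the audit checks.
  if (roles.indexOf(REPLICATOR_ROLE) !== -1) {
    return;
  }

  // Reject documents with no audit trail instead of failing with a TypeError.
  var trail = newDoc.audit_trail;
  if (!Array.isArray(trail) || trail.length === 0) {
    throw({forbidden: "Document has no audit trail."});
  }
  if (trail[0].user !== userCtx.name) {
    throw({forbidden: "You didn't add your name to the audit trail!"});
  }
}

// Helper for trying the validator outside CouchDB: returns "ok" or the
// forbidden message that CouchDB would send back to the client.
function check(newDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, null, userCtx);
    return "ok";
  } catch (e) {
    if (e && e.forbidden) { return "forbidden: " + e.forbidden; }
    throw e;
  }
}

// Constructed sample inputs.
var doc = {_id: "invoice-1", audit_trail: [{user: "alice", action: "edit"}]};
var alice = {name: "alice", roles: ["staff"]};
var bob = {name: "bob", roles: ["staff"]};
var repl = {name: "repl", roles: [REPLICATOR_ROLE]};

console.log(check(doc, alice)); // author writes own entry
console.log(check(doc, bob));   // different user, same document
console.log(check(doc, repl));  // replication account
```

Any account holding the bypass role skips every audit check, so the validator is only as strong as the control over who is granted that role.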

