Return-Path: X-Original-To: apmail-couchdb-dev-archive@www.apache.org Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 785F1105B5 for ; Wed, 19 Feb 2014 12:03:13 +0000 (UTC) Received: (qmail 70872 invoked by uid 500); 19 Feb 2014 12:03:12 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 70723 invoked by uid 500); 19 Feb 2014 12:03:12 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 70715 invoked by uid 99); 19 Feb 2014 12:03:12 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Feb 2014 12:03:12 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of kxepal@gmail.com designates 74.125.82.41 as permitted sender) Received: from [74.125.82.41] (HELO mail-wg0-f41.google.com) (74.125.82.41) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Feb 2014 12:03:05 +0000 Received: by mail-wg0-f41.google.com with SMTP id l18so3998673wgh.2 for ; Wed, 19 Feb 2014 04:02:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=VKvOLe+wkqh/5ApKsKXGMKLEFeEx3rNbAFMphwtyLMU=; b=GIFS8RrIAYxUewQxsUPoKzN/QYZcB/2qtevvX9WsTzNLFzeQ/cGqSG/qKh+v3JamP2 Dyl8v8XGE+hOpCSNpjbgEUNia90m86sRgBrCJqfu9KgpZZzVNpTpvDsWVGsiCZnIZWCM eiby3JDF4AAJ+0WZoIH3GLNyLXmWOHIjhHQqdnxUxCV0iY81rZvx0iix1G4pqEXkE8S5 6mFPdjB7Iy3WBEJoqVSSeAfWG06uXFwSsQteOdE+Rl5ONpuV618sf4H0Vbkfe3csCRmO IkqLGFd8yQPN42BgFoJbTSe6zf62U01hwiLOyKw/O8BASk/8/0FbowolwNF9UACdRwXb a/Lg== MIME-Version: 1.0 X-Received: by 10.180.188.229 with SMTP id gd5mr1092372wic.54.1392811365382; Wed, 19 Feb 2014 04:02:45 -0800 (PST) Received: by 10.180.20.135 with HTTP; Wed, 19 Feb 2014 04:02:45 -0800 (PST) In-Reply-To: References: <3AD8B31E-1BED-41CC-AEF6-D3A873E4CC28@apache.org> Date: Wed, 19 Feb 2014 16:02:45 +0400 Message-ID: Subject: Re: Capturing UserCtx automatically From: Alexander Shorin To: "dev@couchdb.apache.org" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org On Wed, Feb 19, 2014 at 3:59 PM, Jan Lehnardt wrote: > On 19 Feb 2014, at 11:42 , Alexander Shorin wrote: > >> On Wed, Feb 19, 2014 at 2:24 PM, Robert Samuel Newson >> wrote: >>> validate_doc_update(oldDoc, newDoc, userCtx) { >>> >>> if (newDoc.audit_trail[0].user !=3D userCtx.name) { >>> throw({forbidden: "You didn=E2=80=99t add your name to the audit tra= il!"}); >>> } >>> =E2=80=A6 >>> } >> >> There is one issue with such approach: replications. You will not be >> able to replicate documents which has different username in >> audit_trail from those one who runs the replication. Or, to be more >> detailed, you'll replicate fine all documents till the design document >> which brings this validation function to your database and after that >> you'll only able to store documents which matches replication's user. > > You could add the replication user to the validation function and keep > the original author. Sure, I could. But this would be tricky and unclear for other users that just wanted to grab the data from CouchDB. -- ,,,^..^,,,