Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 8645 invoked from network); 29 Jan 2009 21:00:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 29 Jan 2009 21:00:46 -0000 Received: (qmail 89844 invoked by uid 500); 29 Jan 2009 21:00:43 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 89812 invoked by uid 500); 29 Jan 2009 21:00:43 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 89782 invoked by uid 99); 29 Jan 2009 21:00:43 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Jan 2009 13:00:43 -0800 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=FS_REPLICA,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of b.candler@pobox.com designates 207.106.133.19 as permitted sender) Received: from [207.106.133.19] (HELO sasl.smtp.pobox.com) (207.106.133.19) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Jan 2009 21:00:34 +0000 Received: from localhost.localdomain (unknown [127.0.0.1]) by a-sasl-fastnet.sasl.smtp.pobox.com (Postfix) with ESMTP id 1651994881 for ; Thu, 29 Jan 2009 16:00:11 -0500 (EST) Received: from mappit (unknown [80.45.95.114]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by a-sasl-fastnet.sasl.smtp.pobox.com (Postfix) with ESMTPSA id B845F94880 for ; Thu, 29 Jan 2009 16:00:10 -0500 (EST) Received: from brian by mappit with local (Exim 4.69) (envelope-from ) id 1LSdzd-0007Y0-4y for user@couchdb.apache.org; Thu, 29 Jan 2009 21:00:09 +0000 Date: Thu, 29 Jan 2009 21:00:09 +0000 From: Brian Candler To: user@couchdb.apache.org Subject: Re: Trouble with replication Message-ID: <20090129210009.GC28166@uk.tiscali.com> References: <20090128153026.GA12384@uk.tiscali.com> <6C6796D4-1766-4526-A9C1-A4872C935337@gmail.com> <20090128162332.GA13801@uk.tiscali.com> <20090128165433.GA14192@uk.tiscali.com> <20090128184531.GA15706@uk.tiscali.com> <9C0E9C8B-C783-47DE-8504-2CDC98650D99@apache.org> <20090129090318.GB6509@uk.tiscali.com> <91CE1D9D-2D5A-40BA-8D20-D24559BBA0F0@apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <91CE1D9D-2D5A-40BA-8D20-D24559BBA0F0@apache.org> User-Agent: Mutt/1.5.17+20080114 (2008-01-14) X-Pobox-Relay-ID: D1320320-EE47-11DD-B9E5-CC4CC92D7133-28021239!a-sasl-fastnet.pobox.com X-Virus-Checked: Checked by ClamAV on apache.org >> No. Side effects in that function become would deeply confusing, as it >> runs during replication as well as for client-updates. >> > > Indeed. I had originally considered that replication would have to run as some sort of admin user, so that all updates propagate successfully. I can see that replicating as a normal user could useful in "peer-to-peer" applications, but does this not introduce another sort of replication conflict: a change is made on A but cannot replicate to B because access controls prevent it? >From the experiments I've seen so far, conflicts only occur on the *incoming* side; so no conflict would be marked on the A side. > My thinking to fill in the gap is we will provide something like a > server side stored procedure ... > { > id:"_design/foo", > procs:{ > update_article: "function(editDoc, userCtx) {var prevDoc = > load_prev_rev(editDoc); add_diffs(editDoc, prevDoc}; save(editDoc)}" > }, Looks sensible. Is this similar to action.js ? Would you expect save(editDoc) to bypass access controls? That would let me use access controls to block direct PUTs to the document, whilst the stored procedure could make whatever updates it needs, even though it was called from an unprivileged userCtx. Regards, Brian.