From: Chris Anderson
To: user@couchdb.apache.org
Subject: Re: Permissions and partial replication
Date: Thu, 9 Apr 2009 08:39:06 -0700

2009/4/9 Alexander:
> Hi folks
>
> I'm thinking about using CouchDB for the next project, but I have a few
> questions regarding the possibility to replicate docs with permissions
> respect.
> Let me start with an example. Let's say we have a database which holds
> products.
> Each product is a document with a simple structure:
>
> Product
> {
>         "_id": 123,
>         "category": "category_id_here",
>         "name": "product1",
>         "description": "product1 description"
> }
>
> Category
> {
>         "_id": 123,
>         "name": "name",
>         "parent_id": "12"
> }
>
> Let's say we have a category tree:
>
> brands /
>         some_brand1 /
>                 Product 1
>                 Product 2
>                 Product 3
>         some_brand2 /
>                 Product 5
>                 Product 6
>                 Product 7
>
> We also have two managers: Manager1 is responsible for products in
> some_brand1 category and Manager2 is responsible for products in some_brand2
> category. Each person can manage products ONLY in his own category. Here is a
> small mockup of how we want to work.
> http://img209.imageshack.us/img209/5048/couchdb.png
>
> So each manager should be able to replicate data only from his own category.
> Possible? Not possible? Will be possible in future?
>
>

You need to distinguish between read permissions and write permissions.

Currently it is possible to restrict changes to a given document to
users who are listed on that document itself. This restriction will
hold for inbound replication as well as local edits.

Outbound replication is just reading, which does not have access
control at this time. Validation functions are applied on update, to
local edits as well as to inbound replication.

-- 
Chris Anderson
http://jchrisa.net
http://couch.io
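
One way to write the kind of validation function the reply describes, as an added example that is not part of the original message or CouchDB's own code. The `managers` field, the user names and the `attemptWrite` harness are assumptions; in a design document the function would be stored anonymously under `validate_doc_update`.

```javascript
// Uses the (newDoc, oldDoc, userCtx) signature and the {forbidden: ...}
// error convention of CouchDB validation functions.
// The "managers" field is a hypothetical per-document list of allowed writers.
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  // Server admins may always write.
  if (userCtx.roles.indexOf("_admin") !== -1) return;
  // On update or delete, read the list from the stored revision, not the
  // incoming one, so a writer cannot add themselves in the same request.
  // On create there is no stored revision, so the creator must list themselves.
  var source = oldDoc || newDoc;
  var allowed = Array.isArray(source.managers) ? source.managers : [];
  if (!userCtx.name || allowed.indexOf(userCtx.name) === -1) {
    throw { forbidden: "user is not listed in managers for this document" };
  }
  // Non-admins may not alter the list itself (deletion stubs carry no list).
  if (oldDoc && !newDoc._deleted &&
      JSON.stringify(newDoc.managers) !== JSON.stringify(oldDoc.managers)) {
    throw { forbidden: "managers list may not be changed" };
  }
}

// Constructed harness: stands in for the database, which runs the function on
// every write, whether it is a local edit or arrives by inbound replication.
function attemptWrite(newDoc, oldDoc, userName) {
  try {
    validateDocUpdate(newDoc, oldDoc, { name: userName, roles: [] });
    return "accepted";
  } catch (e) {
    if (!e.forbidden) throw e; // a real bug, not a validation rejection
    return "forbidden: " + e.forbidden;
  }
}

// Constructed sample document, modelled on the product structure in the question.
var stored = { _id: "123", category: "some_brand1", name: "product1",
               description: "product1 description", managers: ["manager1"] };

var edited = Object.assign({}, stored, { description: "updated" });
console.log(attemptWrite(edited, stored, "manager1"));
console.log(attemptWrite(edited, stored, "manager2"));
```

This governs writes only: reads and outbound replication never invoke the function.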