couchdb-user mailing list archives

From David Goodlad <da...@goodlad.ca>
Subject Re: Changing the default _auth validation function
Date Wed, 13 Jan 2010 23:15:32 GMT
On Thu, Jan 14, 2010 at 9:53 AM, Chris Anderson <jchris@apache.org> wrote:
>> Does this sound like a reasonable plan?
>
> This sounds reasonable, but maybe we can make it easier.

I like easier :)

> You could almost model the manager as a db_admin, but you probably
> don't want them editing design documents. So what you need is a set of
> roles that apply to particular users, in the context of a particular
> database. Maybe it makes more sense to store the db-roles within the
> db itself?
>
> I think this is the use case for the security object. (Just a 4th
> argument to the validation function, which is a document loaded from
> the database the validation runs from)
>
> We should ask Damien to weigh in on the _namespace to use for the
> document (should it be local?), and how to store the info.

That would definitely fit my situation nicely. I'd actually prefer to
manage the roles within the database that they apply to, it just makes
more sense.

I'd think that the document could be 'any old document', with the only
requirement being that it have a specific id (_auth? _security?).
There could be some conventions, but I don't really see why couch
should enforce any structure on that document. The db designer could
then write his own validation functions to ensure that only specific
users/roles could update that document (probably require _admin to
create it in the first place, though).

> Glad to have you on the list, Dave.

I've been quietly lurking for a couple of weeks now, finally decided
to show my face :)

Dave
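
The scheme discussed in this message, as an added example that is not part of the original e-mail and not CouchDB's own code: a validation function that receives the per-database roles document as its fourth argument and protects that document itself. The document id `db_roles`, the `roles` layout and the `editor` role are assumptions made for illustration; `manager` and `_admin` come from the thread.

```javascript
// Added example. Assumed layout of the 4th argument (not CouchDB's own format):
//   secObj = { roles: { "<user name>": ["manager", "editor"] } }
const ROLES_DOC_ID = "db_roles"; // hypothetical id of the per-database roles document

// Per-database roles for the requesting user; an unknown user gets none.
function dbRolesFor(userCtx, secObj) {
  const table = (secObj && secObj.roles) || {};
  const own = Object.prototype.hasOwnProperty.call(table, userCtx.name);
  return own && Array.isArray(table[userCtx.name]) ? table[userCtx.name] : [];
}

function validateDocUpdate(newDoc, oldDoc, userCtx, secObj) {
  if ((userCtx.roles || []).indexOf("_admin") !== -1) return; // server admin: allowed
  if (!userCtx.name) throw { unauthorized: "Login required." };
  const roles = dbRolesFor(userCtx, secObj);
  const isManager = roles.indexOf("manager") !== -1;

  // Managers are not db admins: design documents stay admin-only.
  if (String(newDoc._id).indexOf("_design/") === 0) {
    throw { forbidden: "Only _admin may change design documents." };
  }
  if (newDoc._id === ROLES_DOC_ID) {
    // Creating or deleting the roles document requires _admin; managers may edit it.
    if (!oldDoc || newDoc._deleted) {
      throw { forbidden: "Only _admin may create or delete the roles document." };
    }
    if (!isManager) throw { forbidden: "Only managers may edit the roles document." };
    return;
  }
  if (!isManager && roles.indexOf("editor") === -1) {
    throw { forbidden: "No write role in this database." };
  }
}

// Returns "ok" or the rejection reason, for trying the function outside CouchDB.
function tryWrite(newDoc, oldDoc, userCtx, secObj) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx, secObj);
    return "ok";
  } catch (e) {
    return e.forbidden || e.unauthorized || String(e);
  }
}

// Constructed sample data.
const sampleSec = { roles: { alice: ["manager"], bob: ["editor"] } };
const alice = { name: "alice", roles: [] };
console.log(tryWrite({ _id: ROLES_DOC_ID }, { _id: ROLES_DOC_ID }, alice, sampleSec));
```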