couchdb-user mailing list archives

From Patrick Barnes <mrtr...@gmail.com>
Subject Re: Question about validator functions and replication
Date Thu, 24 Mar 2011 23:01:36 GMT
You're quite right, it would fail on replication. (And if you identified 
that issue solely from a hypothetical standpoint, well done)

The solution could be to give your replication user a 'replication' 
role, and have the validator function look something like:

function(newDoc, oldDoc, userCtx) {
  // Turn the roles array into an object so membership can be tested with 'in'
  function to_object(arr) { var obj = {}; for (var k in arr) obj[arr[k]] = true; return obj; }
  if (newDoc.author) {
    // Reject unless the user is the author or holds the 'replication' role
    if (newDoc.author != userCtx.name && !('replication' in to_object(userCtx.roles))) {
      throw({"forbidden": "You may only update documents with author " + userCtx.name});
    }
  }
}

-Patrick

On 25/03/2011 4:46 AM, Nebu Pookins wrote:
> Hi,
>
> I'm reading "CouchDB The Definitive guide", and in the chapter on
> "Security" (http://guide.couchdb.org/editions/1/en/security.html),
> they give an example of how to limit write-access to certain documents
> based on its owner. The example validator function they give is:
>
> function(newDoc, oldDoc, userCtx) {
>    if (newDoc.author) {
>      if(newDoc.author != userCtx.name) {
>        throw({"forbidden": "You may only update documents with author " +
>          userCtx.name});
>      }
>    }
> }
>
> If I understand correctly, userCtx is based on the HTTP request of the
> POST/PUT/DELETE request which is trying to modify some document: If
> I'm logged into couch, either via HTTP basic authentication, or
> cookies, or something along those lines, then my username will show up
> in the userCtx, and we simply do a string comparison to see if I'm the
> "author" of a given doc, and if so, then the business rule is that I
> should be allowed to change the doc.
>
> Elsewhere in the documentation, it mentions that validator functions
> are run not only when POST/PUT/DELETE requests are made, but also when
> replication occurs. What I'm confused about is what the value of
> userCtx would be during replication. To give a more concrete example:
>
> Let's say we have 2 couchDB servers running, called Server 1 and
> Server 2, and they've replicated with each other so that they both
> contain identical data: a set of blog posts.
>
> A user "Alice" logs onto server 1, and edits one of her blog posts.
> The validator function runs, and given that it's Alice that's logged
> on, the validator function checks that the blog post's "author" field
> is Alice, and assuming it is, it allows the update to occur.
> A user "Bob" also logs onto the same server, edits one of his blog
> posts, and again the validator allows it.
> Then both users log off, and go do something else (e.g. watch a movie,
> read a book, etc.)
>
> Now replication occurs: Server 2 will ask server 1 for a list of
> changes, and server 1 will report that two blog posts have been
> changed.
>
> Given that neither Alice nor Bob are connecting to server 2, it would
> seem that the userCtx variable would not contain either of their
> names, and thus the validation would reject the change, and
> replication would fail.
>
> I figure I must be misunderstanding something about how either
> validation or replication works, but I can't seem to figure out what
> from the documentation. Can someone help clarify this for me?
>
> Thanks,
> Nebu
>
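
The scenario from this thread, as an added example that is not part of either message: the role-aware validator is run under Node against constructed userCtx objects for Alice, Bob, an anonymous replicator and a replication account. It assumes replicated writes reach server 2 under the userCtx of whichever account performs the replication; the account name `repl` and the helpers `check` and `runScenarios` are hypothetical.

```javascript
// Validator from the reply, given a name so it can be called outside CouchDB.
function validate(newDoc, oldDoc, userCtx) {
  var roles = userCtx.roles || [];
  var isReplicator = roles.indexOf('replication') !== -1;
  if (newDoc.author) {
    if (newDoc.author != userCtx.name && !isReplicator) {
      throw({forbidden: 'You may only update documents with author ' + userCtx.name});
    }
  }
}

// Run the validator and report the outcome instead of throwing.
function check(newDoc, userCtx) {
  try {
    validate(newDoc, null, userCtx);
    return 'accepted';
  } catch (e) {
    if (e && e.forbidden) return 'forbidden';
    throw e; // anything else is a bug in the validator itself
  }
}

// Constructed sample data: a post Alice edited on server 1, and the
// user contexts that could present it to a server.
var alicePost = {_id: 'post-1', author: 'alice', body: 'edited on server 1'};
var alice = {name: 'alice', roles: []};
var bob = {name: 'bob', roles: []};
var anonymous = {name: null, roles: []};                  // replication without credentials
var replicator = {name: 'repl', roles: ['replication']};  // hypothetical replication account

function runScenarios() {
  return {
    aliceOwnPost: check(alicePost, alice),
    bobOnAlicePost: check(alicePost, bob),
    anonymousReplication: check(alicePost, anonymous),
    replicatedWrite: check(alicePost, replicator),
    // The role skips the author check entirely, so this account can
    // write a document naming any author.
    replicatorNamesAnyAuthor: check({_id: 'post-2', author: 'bob'}, replicator)
  };
}

console.log(runScenarios());
```

The last scenario shows the cost of the approach: whoever holds the 'replication' role is exempt from the ownership rule, so that role belongs only on the account the replicator uses.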
