couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nebu Pookins <>
Subject Question about validator functions and replication
Date Thu, 24 Mar 2011 17:46:43 GMT

I'm reading "CouchDB The Definitive guide", and in the chapter on
"Security" (,
they give an example of how to limit write-access to certain documents
based on its owner. The example validator function they give is:

function(newDoc, oldDoc, userCtx) {
  if ( {
    if( != {
      throw("forbidden": "You may only update documents with author " +});

If I understand correctly, userCtx is based on the HTTP request of the
POST/PUT/DELETE request which is trying to modify some document: If
I'm logged into couch, either via HTTP basic authentication, or
cookies, or something along those lines, then my username will show up
in the userCtx, and we simply do a string comparison to see if I'm the
"author" of a given doc, and if so, then the business rule is that I
should be allowed to change the doc.

Elsewhere in the documentation, it mentions that validator functions
are run not only when POST/PUT/DELETE requests are made, but also when
replication occurs. What I'm confused about is what the value of
userCtx would be during replication. To give a more concrete example:

Let's say we have 2 couchDB servers running, called Server 1 and
Server 2, and they've replicated with each other so that they both
contain identical data: a set of blog posts.

A user "Alice" logs onto server 1, and edits one of her blog posts.
The validator function runs, and given that it's Alice that's logged
on, the validator function checks that the blog post's "author" field
is Alice, and assuming it is, it allows the update to occur.
A user "Bob" also logs onto the same server, edits one of his blog
posts, and again the validator allows it.
Then both users log off, and go do something else (e.g. watch a movie,
read a book, etc.)

Now replication occurs: Server 2 will ask server 1 for a list of
changes, and server 1 will report that two blog posts have been

Given that neither Alice nor Bob are connecting to server 2, it would
seem that the userCtx variable would not contain either of their
names, and thus the validation would reject the change, and
replication would fail.

i figure I must be misunderstanding something about how either
validation or replication works, but I can't seem to figure out what
from the documentation. Can someone help clarify this for me?


View raw message