couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Geddes <>
Subject no 'writers' section in _security killing me
Date Mon, 11 Jul 2011 04:21:53 GMT
I keep running into a few recurring themes that make couchapps just not
scale for me. I believe that with just a few extra CouchDB features, the
couchapp model could scale to encompass ANY web application.

The missing feature that is currently bumming me out is the lack of a
writers section in the _security object of a database. Here are a few
examples where I've wanted this feature:

1. User feedback. I'd love to just throw up a simple couchapp with a
database that anyone can write to, but only certain users (or a certain
role) can read from. I can't do this currently because if a user can write
to a given database, they can also read from that database.
2. A sort of voting feature on an app where users should be able to cast
their votes, but not see other users' votes. I can easily ensure that each
user only gets one vote in the validation by making sure the _id on the vote
document matches the user's id. Here I have the same problem as the previous
example. But Also, I can't *really* constrain each user to just one vote
because if the user can write to the database, then they are an admin and
they can change the design doc such that it no longer limits them to one
vote. Then they can vote arbitrarily many times.
3. A messaging system where anyone can write to anyone else's message
database, but not read each others' messages. This is a more general case of
the first example.

I know that I can implement all of these things if I use some kind of
middleware, but it pains me to add additional complexity just for a feature
that I believe should be built-in. I also don't want to leave the couchapp
model, because I believe that once I've thrown middleware in front of couch,
it loses its biggest advantage (in my use cases) over its competitors: i'm
no longer querying it directly from the client.

I would love to see the writers section of _security implemented. In fact,
I've been trying to find a way to contribute to CouchDB, and I might take a
whack at implementing this feature myself. Would others find this feature
useful? Is such a feature already on the way? Are there other ways (besides
middleware) of getting these features that I'm too dense to have thought of?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message