couchdb-user mailing list archives

From Alexander Gabriel <a...@barbalex.ch>
Subject Re: Implementing Authorization control for Self-Enrollers in a pure Couchapp
Date Mon, 01 Aug 2011 19:56:45 GMT
VERY helpful
Thank you!
Alex
On 01.08.2011 19:41, "Martin Higham" <martin@ocastalabs.com> wrote:
> Take a look at my example service in github
>
> http://github.com/ocasta/CouchDB-Selfservice
>
>
>
> On 1 August 2011 18:19, Jan Wedekind <jan.wedekind@gmail.com> wrote:
>
>> On Tue, Jul 19, 2011 at 02:12, Randall Leeds <randall.leeds@gmail.com> wrote:
>>
>> > > ---------- Forwarded message ----------
>> > > From: Alex Aitken <aaitken@alexaitken.net>
>> > > Date: Thu, Jul 14, 2011 at 4:19 PM
>> > > Subject: Implementing Authorization control for Self-Enrollers in a
>> > > pure Couchapp
>> > > To: dev@couchdb.apache.org
>> > >
>> > >
>> > > What's the best way using CouchDB's built-in
>> > > authentication/authorization to set up self-enrollers as user type =
>> > > reader? I understand there's a db/_security object, but not how to
>> > > edit it/use it/update it... And if admins are the only ones capable
>> > > of editing roles, how does a self-enrolled user get these assigned?
>> > > Thanks for thoughts,
>> > > Alex Aitken
>> >
>> > You can edit the _security object by clicking on "Security..." at the
>> > top of the futon page for a database. You should also be able to
>> > GET/PUT /database/_security.
>> >
>> > The rules for updating roles and who can change what about user
>> > documents are actually just implemented as a validate_doc_update
>> > function in the _users database.
>> > Check out /_users/_design/auth. You could special case "readers" for
>> > self-enrollment in your deployment.
>> >
>>
>> I am kind of stuck at the same problem. I've looked at
>> /_users/_design/_auth, which was quite insightful, thanks a LOT for that
>> simple comment here.
>>
>> Alex, do I get correctly that you meant changing the validation functions
>> so that users could set e.g. one specific role "reading" without throwing
>> the error that only the admin may do that? Do you have an example for that?
>>
>> Many thanks,
>> Jan
>>
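
A sketch of the special case discussed in the thread, as an added example that is not code from any of the posters or from CouchDB's stock `_auth` design document: a `validate_doc_update`-style role check for `_users` that lets a non-admin add only an allowlisted role. The names `SELF_SERVICE_ROLES`, `validateUserRoles` and `tryValidate`, the role name `reader`, and the sample documents are assumptions made for illustration.

```javascript
// Added example, not the stock /_users/_design/_auth code.
// SELF_SERVICE_ROLES, validateUserRoles and tryValidate are illustrative names.
var SELF_SERVICE_ROLES = ['reader'];

function has(list, item) { return list.indexOf(item) !== -1; }

// Same contract as a CouchDB validate_doc_update function:
// return normally to accept the write, throw {forbidden: ...} to reject it.
function validateUserRoles(newDoc, oldDoc, userCtx) {
  if (has(userCtx.roles, '_admin') || newDoc._deleted) { return; }
  if (!Array.isArray(newDoc.roles)) {
    throw { forbidden: 'doc.roles must be an array' };
  }
  var oldRoles = (oldDoc && oldDoc.roles) || [];
  // A non-admin may add an allowlisted role, nothing else.
  newDoc.roles.forEach(function (role) {
    if (!has(oldRoles, role) && !has(SELF_SERVICE_ROLES, role)) {
      throw { forbidden: 'Only _admin may grant role: ' + role };
    }
  });
  // Roles already on the document must not be dropped by the user.
  oldRoles.forEach(function (role) {
    if (!has(newDoc.roles, role)) {
      throw { forbidden: 'Only _admin may remove role: ' + role };
    }
  });
}

// Small harness so the rule can be exercised outside CouchDB.
function tryValidate(newDoc, oldDoc, userCtx) {
  try {
    validateUserRoles(newDoc, oldDoc, userCtx);
    return 'ok';
  } catch (e) {
    return e.forbidden;
  }
}

// Constructed sample contexts and documents.
var anon = { name: null, roles: [] };
var admin = { name: 'root', roles: ['_admin'] };
console.log(tryValidate({ name: 'jan', roles: ['reader'] }, null, anon));
console.log(tryValidate({ name: 'jan', roles: ['reader', 'editor'] }, null, anon));
console.log(tryValidate({ name: 'jan', roles: ['editor'] }, null, admin));
```

CouchDB rejects a write if any `validate_doc_update` function in the database throws, so a rule like this has to replace the roles check in the existing function rather than sit in a second design document. Whatever a database's `_security` object grants to the allowlisted role is then reachable by anyone who can sign up.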
