couchdb-user mailing list archives

From Martin Higham <mar...@ocastalabs.com>
Subject Re: Implementing Authorization control for Self-Enrollers in a pure Couchapp
Date Mon, 01 Aug 2011 17:40:42 GMT
Take a look at my example service on GitHub:

http://github.com/ocasta/CouchDB-Selfservice



On 1 August 2011 18:19, Jan Wedekind <jan.wedekind@gmail.com> wrote:

> On Tue, Jul 19, 2011 at 02:12, Randall Leeds <randall.leeds@gmail.com> wrote:
>
> > > ---------- Forwarded message ----------
> > > From: Alex Aitken <aaitken@alexaitken.net>
> > > Date: Thu, Jul 14, 2011 at 4:19 PM
> > > Subject: Implementing Authorization control for Self-Enrollers in a
> > > pure Couchapp
> > > To: dev@couchdb.apache.org
> > >
> > >
> > > What's the best way using CouchDB's built-in
> > > authentication/authorization to set up self-enrollers as user type =
> > > reader? I understand there's a db/_security object, but not how to
> > > edit it/use it/update it... And if admins are the only ones capable
> > > of editing roles, how does a self-enrolled user get these assigned?
> > > Thanks for thoughts,
> > > Alex Aitken
> >
> > You can edit the _security object by clicking on "Security..." at the
> > top of the futon page for a database. You should also be able to
> > GET/PUT /database/_security.
> >
> > The rules for updating roles and who can change what about user
> > documents are actually just implemented as a validate_doc_update
> > function in the _users database.
> > Check out /_users/_design/auth. You could special case "readers" for
> > self-enrollment in your deployment.
> >
>
> I am kind of stuck at the same problem. I've looked at
> /_users/_design/_auth, which was quite insightful, thanks a LOT for that
> simple comment here.
>
> Alex, do I get correctly that you meant changing the validation functions
> so that users could set e.g. one specific role "reading" without throwing
> the error that only the admin may do that? Do you have an example for that?
>
> Many thanks,
> Jan
>
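
One way to special-case a self-service role in a validate_doc_update function, as suggested in the quoted reply above. This is an added example, not code from the thread, from CouchDB's own _auth design document, or from the linked repository. The role name "reader" and the names SELF_SERVICE_ROLES, validateUserDoc and verdict are assumptions.

```javascript
// Added example, not the stock /_users/_design/_auth function.
// Assumption: "reader" is the role named in the target database's _security object.
var SELF_SERVICE_ROLES = ["reader"];

function isAdmin(userCtx) {
  return userCtx.roles.indexOf("_admin") !== -1;
}

// Same signature and error convention as a CouchDB validate_doc_update function.
function validateUserDoc(newDoc, oldDoc, userCtx) {
  if (isAdmin(userCtx)) return;                 // admins keep full control
  if (oldDoc && oldDoc.name !== userCtx.name) {
    throw({forbidden: "You may only update your own user document."});
  }
  if (newDoc._deleted) return;                  // owner removing their own doc
  if (oldDoc && newDoc.name !== oldDoc.name) {
    throw({forbidden: "Usernames cannot be changed."});
  }
  if (!Array.isArray(newDoc.roles)) {
    throw({forbidden: "doc.roles must be an array."});
  }
  // Roles an admin granted earlier may stay; anything new must be on the allow-list.
  var kept = oldDoc && Array.isArray(oldDoc.roles) ? oldDoc.roles : [];
  newDoc.roles.forEach(function (role) {
    if (kept.indexOf(role) === -1 && SELF_SERVICE_ROLES.indexOf(role) === -1) {
      throw({forbidden: "Only _admin may set role: " + role});
    }
  });
}

// Helper for trying the rule outside CouchDB: returns "ok" or the rejection reason.
function verdict(newDoc, oldDoc, userCtx) {
  try {
    validateUserDoc(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    if (e && e.forbidden) return e.forbidden;
    throw e;
  }
}
```

Anyone who can sign up can claim a role on the allow-list, so that role should grant no more than what every registered user is meant to read.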
