couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Wedekind <jan.wedek...@gmail.com>
Subject Re: Implementing Authorization control for Self-Enrollers in a pure Couchapp
Date Mon, 01 Aug 2011 17:19:58 GMT
On Tue, Jul 19, 2011 at 02:12, Randall Leeds <randall.leeds@gmail.com>wrote:

> > ---------- Forwarded message ----------
> > From: Alex Aitken <aaitken@alexaitken.net>
> > Date: Thu, Jul 14, 2011 at 4:19 PM
> > Subject: Implementing Authorization control for Self-Enrollers in a
> > pure Couchapp
> > To: dev@couchdb.apache.org
> >
> >
> > What's the best way using CouchDB's built-in
> > authentication/authorization to set up self-enrollers as user type =
> > reader? I understand there's a db/_security object, but not how to
> > edit it/use it/update it... And if admins are the only ones capable
> > editing roles, how does a self-enrolled user get these assigned?
> > Thanks for thoughts,
> > Alex Aitken
>
> You can edit the _security object by clicking on "Security..." at the
> top of the futon page for a database. You should also be able to
> GET/PUT /database/_security.
>
> The rules for updating roles and who can change what about user
> documents are actually just implemented as a validate_doc_update
> function in the _users database.
> Check out /_users/_design/auth. You could special case "readers" for
> self-enrollment in your deployment.
>

I am kind of stuck at the same problem. I've looked at
/_users/_design/_auth, which was quite insightful, thanks a LOT for that
simple comment here.

Alex, do I get correctly that you meant changing the validation functions so
that users could set e.g. one specific role "reading" without throwing the
error that only the admin may do that? Do you have an example for that?

Many thanks,
Jan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message