couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wendall Cada <wenda...@83864.com>
Subject Re: userCtx extra information
Date Thu, 30 Aug 2012 20:33:37 GMT
On 08/30/2012 12:08 PM, Robert Newson wrote:
> "An example of this is a comments thread moderator. They need permissions to edit portions
of a doc that doesn't belong to them. Is it proposed that I just make everyone an admin?"
>
> No. You would invent a role called "moderator". You would assign this to users you wish
to be moderators, and your validate_doc_update function would prevent users who don't have
the "moderator" role from editing portions of docs that don't belong to them.
My example here is bad, trying to keep it simple. I understand that this 
would be done through validation. The situation is that I have non-admin 
roles where the user can create other users, assign users to specific 
roles. This is necessary for our use-case. Is there a way to do this in 
a non-admin role? Or are there ways to have different levels of 
administrators?

A better example is that you'd have a lead moderator. They have a 
non-admin account. They need to be able to add other users to the 
moderator role. This type of question comes up frequently, and this type 
of behavior combined with attributes which are typically stored in the 
userCtx and reside in the users session allow for fine grained control 
of user behavior without having to use admin accounts for anything but 
creating databases and other admin accounts.

Maybe my understanding of this is completely incorrect here. But I'm not 
seeing any way possible to replace a third party authentication system 
with CouchDB except for the most simplistic situations possible.

Wendall
> B.
>
> On 30 Aug 2012, at 19:38, Wendall Cada wrote:
>
>> An example of this is a comments thread moderator. They need permissions to edit
portions of a doc that doesn't belong to them. Is it proposed that I just make everyone an
admin?


Mime
View raw message