Return-Path: 
 <user-return-21900-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 5B3F0D8DE
	for <apmail-couchdb-user-archive@www.apache.org>;
 Wed, 29 Aug 2012 20:05:47 +0000 (UTC)
Received: (qmail 51078 invoked by uid 500); 29 Aug 2012 20:05:45 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 50994 invoked by uid 500); 29 Aug 2012 20:05:45 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 50985 invoked by uid 99); 29 Aug 2012 20:05:45 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Aug 2012 20:05:45 +0000
X-ASF-Spam-Status: No, hits=0.3 required=5.0
	tests=FREEMAIL_REPLY,FSL_RCVD_USER,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of bchesneau@gmail.com
 designates 209.85.215.180 as permitted sender)
Received: from [209.85.215.180] (HELO mail-ey0-f180.google.com)
 (209.85.215.180)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Aug 2012 20:05:40 +0000
Received: by eaad13 with SMTP id d13so272509eaa.11
        for <user@couchdb.apache.org>; Wed, 29 Aug 2012 13:05:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        bh=8A5tPyIIQRpNVmrgvfC0iac/5n8DNjbHIJrW4FERhVw=;
        b=dAbFCIbODc/bJiVbhTmNLxnmuV+9FAM6Gb64FIC46CXZ7n+qAzYRTy/L83rr51iBWQ
         RflAu29xm8DTs0Ms1rEgPlfXGtI56aj2WSX/iMQ25tEB8jhh4BxOrfFXvk1FL9eQ15UH
         RvGkfmnf5CgDq0nbJMbwlG3lzvpkcsgTW3xXDL6X9p3KCLytFFCJXasTYmb8Tk8dzNEo
         s7Y7I+jFXUeEA2a2/r36VF177kPkgrczl2+ozTCGQv/jvxKlBfB3LZlCZSoMkDXTmisB
         0ACaUnHA+p+0yQfgsnIHn134jsOQ/cs33V37Dwl2pCmH24XlmDb9onbF3AS9H4gHxmJZ
         NQPA==
MIME-Version: 1.0
Received: by 10.14.5.78 with SMTP id 54mr3560036eek.1.1346270718216; Wed, 29
 Aug 2012 13:05:18 -0700 (PDT)
Received: by 10.14.175.196 with HTTP; Wed, 29 Aug 2012 13:05:18 -0700 (PDT)
In-Reply-To: 
 <CAKNVnzycMA7N7w9jNgiAC6O-rj34F66J=28m1gt-0a8_AcTuew@mail.gmail.com>
References: <503CA33A.6080305@gmail.com>
	<CAJNb-9qEAr7tk4K5EPEcuM5RVxpS0iYSbo3QV49epoYXHs6WtA@mail.gmail.com>
	<CAHZBNKb4K0oatL-i-0SVN2W=xoGF1LijqCcR4Si6_-CdVSxBbg@mail.gmail.com>
	<CAJNb-9rXVM7vkZgK0=hErJ-BSuHzGp5r9mzkMJd8ryebLJqo8Q@mail.gmail.com>
	<CAKNVnzycMA7N7w9jNgiAC6O-rj34F66J=28m1gt-0a8_AcTuew@mail.gmail.com>
Date: Wed, 29 Aug 2012 22:05:18 +0200
Message-ID: 
 <CAJNb-9oT5s7T3cfnggN5nU6neT8rKyLe33Ay_bR==+8kCPDkig@mail.gmail.com>
Subject: Re: userCtx extra information
From: Benoit Chesneau <bchesneau@gmail.com>
To: user@couchdb.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org

On Wed, Aug 29, 2012 at 9:54 PM, Gabriel Mancini
<gabriel.mancini@gmail.com> wrote:
> but can be nice have sume enable/disable behaviour for user. We could hav=
e anything once partial updates and fetch  will be here. But it's not the c=
ase right now :)

- benoit
>
> On Wed, Aug 29, 2012 at 4:39 PM, Benoit Chesneau <bchesneau@gmail.com>wro=
te:
>
>> On Wed, Aug 29, 2012 at 9:24 PM, Dave Cottlehuber <dave@muse.net.nz>
>> wrote:
>> > On 29 August 2012 08:21, Benoit Chesneau <bchesneau@gmail.com> wrote:
>> >> On Tuesday, August 28, 2012, Aliaksandr Barysiuk wrote:
>> >>
>> >>> Hello,
>> >>>
>> >>> We store some extra information in _users db and now we are looking =
a
>> way
>> >>> to populate session.userCtx with these extra values. Is it possible =
at
>> all?
>> >>>
>> >>> Thank you
>> >>>
>> >>> Alex
>> >>>
>> >>
>> >> user db isn't done for that. this db exists to authenticate users and
>> only
>> >> that. You should better save the profiles in another db. Also there i=
s
>> no
>> >> such things like session in couchdb by itself.
>> >>
>> >>
>> >> beno=EEt
>> >
>> > Any good reasons why we couldn't / shouldn't support something that
>> > eases this pain? Putting in a second db simply to store some basic
>> > profile info seems daft. And as others have found, you can store
>> > anything you like in roles.
>>
>> Well I think that storing anything in a role is a bug. We shouldn't
>> allow that and it should be fixed. Only a list of strings is expected
>> in the roles member. We should enforce that.
>>
>> For security reasons I don't think it's good to have more data in the
>> doc other than the login, roles, password and possibly anything about
>> permissions ( some would argue that the users db shouldn't exist at
>> all). You don't protect the same the access to a user doc or a a
>> profile doc. And the way it is designed right now  prevent any use of
>> this profile by others. Only the user or an admin can have access to
>> the doc. Which is good imo.
>>
>> - benoit
>>
>
>
>
> --
> Gabriel Mancini de Campos
> Arquiteto de Solu=E7=F5es
>
> +55 (11) 9449-1706
> gabriel.mancini@gmail.com
> S=E3o Paulo - SP - Brasil