couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Marino <mmar...@gmail.com>
Subject Re: How to implement system hooks
Date Tue, 24 Sep 2013 08:46:34 GMT
Hi Thorsten,

Apologies, I missed the comment on read.  In my experience, couchdb only
provides read access via the _security object, meaning that it's only an
"on" or "off" type of thing for a database.

I can't speak to the customization of the database (this may be a question
for the dev list), but perhaps you can get similar behavior using the show
and list functions:

http://wiki.apache.org/couchdb/Formatting_with_Show_and_List

These functions take a req so you can customize the output based upon
user/role.

Perhaps someone else could give an idea of how to force all reads to go
through the list function (rewrite, mod_rewrite, etc.).

Cheers,
Mike


On Tue, Sep 24, 2013 at 10:28 AM, Thorsten Scherler <scherler@gmail.com>wrote:

> On 09/23/2013 06:50 PM, Mike Marino wrote:
> > Hi Thorsten,
> >
> > I believe you're asking how to implement read/write permissions on a
> > database, but I'm a little bit confused by your subject.  If this is so,
> > the normal way is to use validate_doc_update functions in a design
> > document, e.g.:
> >
> >
> http://docs.couchdb.org/en/latest/ddocs.html#validate-document-update-functions
> >
> > http://guide.couchdb.org/editions/1/en/validation.html
> >
> > You will see the first link describes the code you linked to.
>
> Thank you Mike, but the above is only for UPDATE meaning write validation.
>
> However in
>
> https://github.com/apache/couchdb/blob/master/src/couchdb/couch_users_db.erl
> we are doing READ checks (if I understand the following code correctly)
>
> after_doc_read(Doc, #db{user_ctx = UserCtx} = Db) ->
>     #user_ctx{name=Name} = UserCtx,
>     DocName = get_doc_name(Doc),
>     case (catch couch_db:check_is_admin(Db)) of
>     ok ->
>         Doc;
>     _ when Name =:= DocName ->
>         Doc;
>     _ ->
>         Doc1 = strip_non_public_fields(Doc),
>         case Doc1 of
>           #doc{body={[]}} ->
>               throw(not_found);
>           _ ->
>               Doc1
>         end
>     end.
>
> My understanding is when we are the owner or admin of the doc we will
> get the doc. In case we have public fields we return only those
> otherwise we throw a 404.
>
> I would like to implement the exact same behaviour for a database I am
> developing.
>
> Regarding the subject my question is how can I implement above code
> either in a design document (my guess is that is not possible) or in a
> custom db?
>
> If the later then the question is how do I create my own
> couch_myOwn_db.erl and let couchdb know about the existence?
>
> TIA
>
> salu2
>
> --
> Thorsten Scherler <scherler.at.gmail.com>
> codeBusters S.L. - web based systems
> <consulting, training and solutions>
>
> http://www.codebusters.es/
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message