couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: Disable purge? Also, hide all docs?
Date Tue, 30 Dec 2014 12:55:35 GMT

> On 30 Dec 2014, at 09:01 , Alexander Shorin <kxepal@gmail.com> wrote:
> 
> The easiest way is indeed to put CouchDB behind a proxy, but for
> _all_docs you can just remove this http endpoint from config by adding
> the following in your local.ini
> 
> [httpd_db_handlers]
> _all_docs =
> 
> Suddenly, for _purge you cannot do the same trick. However, you might
> want to open issue on JIRA about since this looks like is an unwelcome
> behaviour.

+1 to file an issue for this.


> --
> ,,,^..^,,,
> 
> 
> On Tue, Dec 30, 2014 at 6:38 AM, jumbo jim <jumbojim22@gmail.com> wrote:
>> Hi,
>> 
>> I don't want a particular user to be able to delete any documents - only
>> create/update. I have a design doc to prevent normal deletion -
>> 
>> function(newDoc, oldDoc, userCtx, secObj) {
>>    if ( (newDoc._deleted === true) && (userCtx.roles.indexOf('_admin') ===
>> -1) ) {
>> throw({forbidden: 'no way!'});
>>    }
>>    else{
>> return;
>>    }
>> }
>> 
>> However, the user can still purge! Is there a way to stop this?
>> 
>> Also, is there a way to hide all docs? ie, block this -
>> http://localhost:5984/DB/_all_docs
>> 
>> I know I could put a proxy in between and block/rewrite _purge or
>> _all_docs, but is there an easier way?
>> 
>> Thanks


Mime
View raw message