couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Broerse <martin.broe...@gmail.com>
Subject Re: _users overwritte _design/_auth
Date Fri, 13 Jan 2017 16:50:41 GMT
Hi Max,

I am thinking about doing something similar with openWhisk. You can create
a "users-to-delete" database only some users can write usernames to. On
change to this database an openWhisk Action can delete the usernames
specified in this "users-to-delete" database with full admin rights and
remove the usernames on success.

Just my 2 cents.

- Martin

On Fri, Jan 13, 2017 at 3:15 PM, max <maxima078@gmail.com> wrote:

> Hi,
> I need to allow some users to delete other users without being a CouchDB
> Administrator. To do that I updated _users/_design/_auth to change the
> '_admin' check to:
> if ((userCtx.roles.indexOf('_admin') !== -1) ||
> (userCtx.roles.indexOf('manager') !== -1 &&
> userCtx.roles.indexOf(oldDoc.databases[0]) !== -1) ||
>             (userCtx.name == oldDoc.name)) {
>             return;
>         } else {
>             throw ({
>                 forbidden: 'Only admins may delete other user docs.'
>             });
>         }
> It works but sometimes CouchDB reset this _design/_auth document. I've read
> in doc this design doc cannot be modified but I couldn't find another way
> to achieve this.
> Is there a way to prevent CouchDB to do that ?  Or another way to do what
> I'm trying to do ?
> I'm using CouchDB 1.4.
>
> Thanks.
>
> Max.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message