incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Kocoloski <adam.kocolo...@gmail.com>
Subject Re: New Security and Validation Features
Date Thu, 04 Dec 2008 03:06:08 GMT
On Dec 3, 2008, at 8:01 PM, Chris Anderson wrote:

> On Wed, Dec 3, 2008 at 10:55 AM, Adam Kocoloski
> <adam.kocoloski@gmail.com> wrote:
>>
>> Hi Damien, cool stuff.  Could we have it so that the user context  
>> passed to
>> the validation function includes a role of "_admin" if the user's  
>> name is in
>> the DB admins list?
>
> Why not just go all the way and include the full list of the user's  
> roles?

Hi Chris, that's the goal.  All the other roles are already being  
included in the context passed to the validation function.  DB admin  
is a bit of a special case since its a calculated quantity --  
specifically, a user is a DBA if there's a non-zero intersection  
between [#user_ctx.name | #user_ctx.roles] and #db.admins.

In the patch I appended _admin to the list of roles.  I didn't replace  
the existing ones.  Best,

Adam

Mime
View raw message