Return-Path: 
 <dev-return-11095-apmail-couchdb-dev-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-dev-archive@www.apache.org
Received: (qmail 19325 invoked from network); 6 Aug 2010 11:25:41 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 6 Aug 2010 11:25:41 -0000
Received: (qmail 31541 invoked by uid 500); 6 Aug 2010 11:25:41 -0000
Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org
Received: (qmail 31044 invoked by uid 500); 6 Aug 2010 11:25:37 -0000
Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@couchdb.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@couchdb.apache.org>
List-Post: <mailto:dev@couchdb.apache.org>
List-Id: <dev.couchdb.apache.org>
Reply-To: dev@couchdb.apache.org
Delivered-To: mailing list dev@couchdb.apache.org
Received: (qmail 31036 invoked by uid 99); 6 Aug 2010 11:25:36 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Aug 2010 11:25:36 +0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=FREEMAIL_FROM,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of bchesneau@gmail.com
 designates 209.85.214.180 as permitted sender)
Received: from [209.85.214.180] (HELO mail-iw0-f180.google.com)
 (209.85.214.180)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Aug 2010 11:25:31 +0000
Received: by iwn4 with SMTP id 4so1749968iwn.11
        for <dev@couchdb.apache.org>; Fri, 06 Aug 2010 04:25:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:received:date:message-id
         :subject:from:to:content-type:content-transfer-encoding;
        bh=WwFrQN2WDPxytfF4XvmGotlOXkldZpbZ1sNRCDungXc=;
        b=nAaOtmUEhwpa+Ji4SB9DMs8hkhDLtYgYwcbyniNY5N028eB+S8axS5Rj2ubnqm2o+O
         C9Lu8oT1HzdNkeqxPFMrF/pV2ZAodp9hP82XjEyFAaDPEFpsVA1J4MFkdkPt/qvfKNLl
         RjKfn+jBnVN9AF4wL5YL5y0tdYW+zJxgXoCOs=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        b=otb1il3D61N4Mj9pSpAsmlg6+niSfgw3Z70jE9CcO+JGkc6EDfp1iOCPajqjXzTEsO
         iolUqp5EtV1ecEi8JHFSlhA7cYBV9Otz0XwLbtXdJ7eUph1D9NJhlPO3kLuOmYz24m5g
         ydCPOvIPedJbSitvcL2VmGemyZnn4n92IEoS8=
MIME-Version: 1.0
Received: by 10.231.166.9 with SMTP id k9mr13578774iby.127.1281093910997;
 Fri,
	06 Aug 2010 04:25:10 -0700 (PDT)
Received: by 10.231.172.4 with HTTP; Fri, 6 Aug 2010 04:25:10 -0700 (PDT)
Date: Fri, 6 Aug 2010 13:25:10 +0200
Message-ID: <AANLkTimEptvJCvPagJbEHDHyirh-7Tv+AFxtQaTrF9rR@mail.gmail.com>
Subject: path based authentification in rewriter
From: Benoit Chesneau <bchesneau@gmail.com>
To: dev@couchdb.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi all;

I've written this patch sometimes ago that add path authentification
to _rewrite handler :


http://github.com/benoitc/couchdb/commit/9c15cf8ed710db3805bd1a7d792ba53457=
cb9c48


So if you have a rule :

{
  "from": "/somepath",
  "to": "/path",
  "roles": ["_admin", "somerole"]
}

It will test user roles against this patch and allow the use to see the
result only if he's authorized. It handle only roles for now, but adding
usernames could be easy too.

Do you think It worth to make it upstream ? (ie commit it in trunk)

Let me know.

- beno=EEt