From user-return-6359-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org Wed Sep 09 03:04:29 2009 Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 73118 invoked from network); 9 Sep 2009 03:04:29 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 9 Sep 2009 03:04:29 -0000 Received: (qmail 55198 invoked by uid 500); 9 Sep 2009 03:04:28 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 55069 invoked by uid 500); 9 Sep 2009 03:04:27 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 55059 invoked by uid 99); 9 Sep 2009 03:04:27 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Sep 2009 03:04:27 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jchris@gmail.com designates 209.85.222.171 as permitted sender) Received: from [209.85.222.171] (HELO mail-pz0-f171.google.com) (209.85.222.171) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Sep 2009 03:04:17 +0000 Received: by pzk1 with SMTP id 1so244417pzk.17 for ; Tue, 08 Sep 2009 20:03:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to :content-type:content-transfer-encoding; bh=9q4u0LGGPYeqEaemQi6+P2oeUxCkb6Tj581GZAW5UWU=; b=U1mz0ulybUhjcWr3KYJne6S0AZ0Jk9XsoHFmZOF0CixwcgtB3bilBVMfrzbjGPp9lx mrFcsAT/isodRUTb49C3RL1vW1ur5dmmS4WTyIbFClCOUkLs8jZOTYDNY3ueIvhGfYZn 71ExNqXsN132Prex+E3hMVIuFPd1KZ3MJhXzk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=Ev1O0dpboTwJU6wBRou0YFghXM1Up+WsbHFJ1bPw5mQD09B3SHes0bnfy1YVWI4BJn zA44U/WW94BeFjMb4UK7I/1ycwLpUiSZFlcUDOrmaEaR0i/H84xsz29PXxi6tio/+UsG rGH7KclEvrwruoTrhKneJ5F4o482lBQ1yi0A8= MIME-Version: 1.0 Sender: jchris@gmail.com Received: by 10.141.20.16 with SMTP id x16mr3527715rvi.299.1252465436816; Tue, 08 Sep 2009 20:03:56 -0700 (PDT) In-Reply-To: References: Date: Tue, 8 Sep 2009 20:03:56 -0700 X-Google-Sender-Auth: a077fd5cf183831f Message-ID: Subject: Re: Authentication Questions From: Chris Anderson To: user@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Aaron, You could probably get it done with the built-in validation functions. There are some missing pieces (like non-admin roles) but even without those you can enforce anonymous users to be read-only. Chris On Tue, Sep 8, 2009 at 11:51 AM, Aaron Quint wrote: > Thanks, Jason! Thats great news. Let me know if theres a git branch to > follow or if you need any help testing. > --AQ > > Aaron Quint > http://www.quirkey.com > > > > On Tue, Sep 8, 2009 at 1:30 PM, Jason Davies wrote= : >> Hi Aaron, >> >> I'm working on this as we speak, in particular being able to set particu= lar >> roles on a per-db basis. =A0As part of this I will be adding a way to se= t the >> default (anonymous user) role e.g. if you want read-only access for >> non-logged-in users. >> >> I will let you know on this thread when I have something ready for testi= ng. >> >> Cheers, >> -- >> Jason Davies >> >> www.jasondavies.com >> >> On 8 Sep 2009, at 18:09, Aaron Quint wrote: >> >>> I've been working on a fun couchapp type full javascript app built on >>> CouchDB that I hope to unveil at jQuery Conf this weekend. >>> The biggest piece left is getting some kind of >>> authentication/authorization in place so that I can actually put it on >>> a server for other people to use/play with. I've been using/testing >>> with 0.10 locally and since the wiki doesnt have much up to date info, >>> I've found the best resource to be the JS tests. >>> >>> So questions: >>> - If I'm not logged in as a specific user /_session returns >>> {"ok":true,"name":null,"roles":["_admin"]} >>> Which means that as a guest I have admin privileges. If I set >>> require_valid_user =3D true, though I have to be logged in to view any >>> document. Is there any way to change the roles of the default user? >>> Ideally if I wasnt logged in as a specific user I could only have read >>> access so I could still view documents and see a page where I could >>> log in. >>> - If I'm logged in as read only I still have access to the users >>> database - is there anyway to prevent this? >>> >>> I totally understand that the auth stuff is early days but any help >>> would be appreciated. I would love to be able to run this app and >>> couchdb on :80. >>> Thanks! >>> --AQ >>> >>> Aaron Quint >>> http://www.quirkey.com >> >> > --=20 Chris Anderson http://jchrisa.net http://couch.io