incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Goodlad <da...@goodlad.ca>
Subject Changing the default _auth validation function
Date Wed, 13 Jan 2010 22:35:34 GMT
Hi all

I'm toying with the recently-updated auth code (good work Chris!), and
am considering making some small changes to te default validation
function in the _auth design document. These changes are specific to
my application. Is it reasonable to make changes to that doc and
assume that it won't be overwritten by couch?

The changes I'm making might also be useful to others, so I'll
describe them here.

In my application, there are many databases, one for every 'business'.
A business will have many users, of which at least one is a 'manager'
who is essentially an admin for that database only. If the business's
database name is "foobar", then the manager's user document in _users
would have a role "foobar:manager". In my validation functions in the
business database I check for roles prefixed with userCtx.db.

I need to allow managers to add other users, including other managers,
to the business, so I'm planning to modify the validation function in
the users database to allow managers to modify roles with the same
prefix as their database name.

Does this sound like a reasonable plan?

Dave

Mime
View raw message