incubator-couchdb-user mailing list archives

From Chris Anderson <jch...@apache.org>
Subject Re: Changing the default _auth validation function
Date Wed, 13 Jan 2010 23:18:52 GMT
On Wed, Jan 13, 2010 at 3:15 PM, David Goodlad <david@goodlad.ca> wrote:
> On Thu, Jan 14, 2010 at 9:53 AM, Chris Anderson <jchris@apache.org> wrote:
>>> Does this sound like a reasonable plan?
>>
>> This sounds reasonable, but maybe we can make it easier.
>
> I like easier :)
>
>> You could almost model the manager as a db_admin, but you probably
>> don't want them editing design documents. So what you need is a set of
>> roles that apply to particular users, in the context of a particular
>> database. Maybe it makes more sense to store the db-roles within the
>> db itself?
>>
>> I think this is the use case for the security object. (Just a 4th
>> argument to the validation function, which is a document loaded from
>> the database the validation runs from)
>>
>> We should ask Damien to weigh in on the _namespace to use for the
>> document (should it be local?), and how to store the info.
>
> That would definitely fit my situation nicely. I'd actually prefer to
> manage the roles within the database that they apply to, it just makes
> more sense.
>
> I'd think that the document could be 'any old document', with the only
> requirement being that it have a specific id (_auth? _security?).
> There could be some conventions, but I don't really see why couch
> should enforce any structure on that document. The db designer could
> then write his own validation functions to ensure that only specific
> users/roles could update that document (probably require _admin to
> create it in the first place, though).

Yes I think it could be a regular document. And I think we discussed
earlier that it should replicate normally.

>
>> Glad to have you on the list, Dave.
>
> I've been quietly lurking for a couple of weeks now, finally decided
> to show my face :)
>
> Dave
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io
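
The idea discussed above, sketched as an added example (not part of the original message and not CouchDB code): a validation function that receives the per-database security document as its 4th argument. The "_security" id, the document layout, the "editor" role and the decision() helper are assumptions made for illustration; the thread leaves the id and the structure open.

```javascript
// Added example, not CouchDB source. Assumptions: the security document has
// id "_security" and the shape { roles: { <user name>: [<role>, ...] } };
// the "editor" role is hypothetical. The thread leaves id and layout open.
const SECURITY_DOC_ID = "_security";

// Roles the user holds in this database only, read from the security document.
function dbRoles(userCtx, secDoc) {
  const table = secDoc && secDoc.roles;
  const name = userCtx && userCtx.name;
  if (!table || typeof name !== "string") return []; // anonymous or no document yet
  // Own-property check so a user named "constructor" inherits nothing.
  if (!Object.prototype.hasOwnProperty.call(table, name)) return [];
  return Array.isArray(table[name]) ? table[name] : [];
}

// Validation function with the security document as its 4th argument.
function validate(newDoc, oldDoc, userCtx, secDoc) {
  if ((userCtx.roles || []).includes("_admin")) return; // server admins pass
  const id = String(newDoc._id || "");
  const roles = dbRoles(userCtx, secDoc);
  if (id.startsWith("_design/")) {
    throw { unauthorized: "only _admin may edit design documents" };
  }
  if (id === SECURITY_DOC_ID) {
    if (!oldDoc) throw { unauthorized: "only _admin may create the security document" };
    if (!roles.includes("manager")) throw { forbidden: "manager role required" };
    return;
  }
  if (!roles.includes("manager") && !roles.includes("editor")) {
    throw { forbidden: "no role in this database" };
  }
}

// Helper for trying it out: returns "ok", or the kind of rejection thrown.
function decision(newDoc, oldDoc, userCtx, secDoc) {
  try { validate(newDoc, oldDoc, userCtx, secDoc); return "ok"; }
  catch (e) { return Object.keys(e)[0]; }
}

// Constructed sample data.
const sec = { _id: SECURITY_DOC_ID, roles: { dave: ["manager"], erin: ["editor"] } };
const dave = { name: "dave", roles: [] };
console.log(decision({ _id: "invoice-1" }, null, dave, sec));
console.log(decision({ _id: "_design/app" }, null, dave, sec));
```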
