incubator-couchdb-user mailing list archives

From Marcello Nuccio <marcello.nuc...@gmail.com>
Subject Re: to CouchApp or not to CouchApp
Date Tue, 16 Aug 2011 12:54:25 GMT
2011/8/16 Jason Smith <jhs@iriscouch.com>:
> What are your requirements?
>
> 1. You have a database which is non-public. Users must log in first,
> no exceptions. Okay, so: private data.
> 2. You have a web page (the login prompt) which is public. Anonymous
> users must access it. Okay, so: public data.
>
> To me, that sounds like two databases, and three roles: anonymous,
> normal, and developer.
>
> 1. The welcome_mat database. Effectively this is an open-source app.
>  * Readable by the public: _security.readers = []
>  * No updates allowed by anonymous users
>  * No updates allowed by normal users
>  * Yes updates if ("developer" in userCtx.roles)
>
> 2. The private_stuff database, has all of your application data and
> design docs except the welcome mat.
>  * Not readable by the public: _security.readers = ["normal", "developer"]
>  * Updates by anonymous users are not possible [1]
>  * Yes updates by normal users: ("normal" in userCtx.roles)
>  * No updates by developers: ("developer" in userCtx.roles) // that
> role is for software updates only

I did exactly this and published my little dirty hack more than two months ago:
https://bitbucket.org/marcenuc/cerbero

But it does not work with CouchDB-1.1.

However, you gave me an idea to work around the problem: put the full
app into "welcome_mat", with the exception of "validate_doc_update"
which goes into "private_stuff". This forces me to publish the full
app, but it is good enough for me, since I only want to protect the
data.

Marcello
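
The two-database layout from the quoted proposal, written out as an added example that is not part of the original message or of the cerbero project. It assumes the CouchDB 1.x `_security` layout with a `readers` section; the function names, the simplified `canRead` check (it ignores admins) and the sample users are constructed for illustration.

```javascript
// _security objects, one per database (CouchDB 1.x "readers" layout).
var welcomeMatSecurity = {
  admins:  { names: [], roles: [] },
  readers: { names: [], roles: [] }   // empty readers: database is public
};
var privateStuffSecurity = {
  admins:  { names: [], roles: [] },
  readers: { names: [], roles: ["normal", "developer"] }
};

// validate_doc_update for welcome_mat: only developers may write.
function validateWelcomeMat(newDoc, oldDoc, userCtx, secObj) {
  if (userCtx.roles.indexOf("developer") === -1) {
    throw { forbidden: "only developers may update welcome_mat" };
  }
}

// validate_doc_update for private_stuff: normal users write, developers do not.
function validatePrivateStuff(newDoc, oldDoc, userCtx, secObj) {
  if (userCtx.roles.indexOf("developer") !== -1) {
    throw { forbidden: "developer role is for software updates only" };
  }
  if (userCtx.roles.indexOf("normal") === -1) {
    throw { unauthorized: "log in as a normal user to update" };
  }
}

// Simplified model of the database read check (hypothetical helper).
function canRead(secObj, userCtx) {
  var r = secObj.readers;
  if (r.names.length === 0 && r.roles.length === 0) return true;
  if (r.names.indexOf(userCtx.name) !== -1) return true;
  return userCtx.roles.some(function (role) { return r.roles.indexOf(role) !== -1; });
}

// Runs a validation function and reports "ok" or the kind of rejection.
function tryUpdate(validate, userCtx, secObj) {
  try { validate({ _id: "doc" }, null, userCtx, secObj); return "ok"; }
  catch (e) { return e.forbidden ? "forbidden" : "unauthorized"; }
}

// Constructed users, one per role in the proposal.
var anonymous = { name: null, roles: [] };
var normal    = { name: "alice", roles: ["normal"] };
var developer = { name: "dev", roles: ["developer"] };
[anonymous, normal, developer].forEach(function (u) {
  console.log(u.name, canRead(privateStuffSecurity, u),
    tryUpdate(validateWelcomeMat, u, welcomeMatSecurity),
    tryUpdate(validatePrivateStuff, u, privateStuffSecurity));
});
```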
