From: Chris Anderson
To: user@couchdb.apache.org, dghosh@acm.org
Date: Sat, 12 Sep 2009 22:16:47 -0700
Subject: Re: CouchDB Validation function and security API ..

On Sat, Sep 12, 2009 at 7:47 AM, Debasish Ghosh wrote:
> Hi -
>
> The validation function validate_doc_update takes 3 parameters, newdoc,
> olddoc and userContext. I am trying to get my head into how the
> authentication and authorization stuff is related to this. The CouchDB book
> has the following code snippet in 7.2.4 Authorship section ..
> function(newDoc, oldDoc, userCtx) {
>   if (newDoc.author) {
>     enforce(newDoc.author == userCtx.author,
>       "You may only update documents with author " + userCtx.author);
>   }
> }
>
> In my linux environment, when I run CouchDB validation functions with a
> user-id and password setup in local.ini under [admins], I get the following
> as the contents of the third parameter of the validation function :-
>
> {"db" : "test", "name" : null, "roles" : []}
>
> In the above snippet from the book there appears to be a field
> userCtx.author. Just wondering how to get it here and why I am not seeing it
> in my output.
>

heh, thanks for the catch..
It should read:

enforce(newDoc.author == userCtx.name

> Also any pointer on the security, authentication and authorization part will
> be appreciated.
>

I'm not sure, but you should be getting more when you are properly
logged in -- this is worth investigating more.

What do you get for this?:

$ curl http://jchris:mysecretpassword@localhost:5984/_session
{"ok":true,"name":"jchris","roles":["_admin"]}

> Thanks in advance ..
> - Debasish
>

-- 
Chris Anderson
http://jchrisa.net
http://couch.io
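
The corrected check from the reply above, written out as a complete validation function (an added example, not code from the thread or from the CouchDB book). It goes beyond the book's snippet by rejecting anonymous writers, letting `_admin` through and comparing against the stored revision's author; the names `validateAuthorship` and `check` and the sample user contexts are assumptions made for the example.

```javascript
// Added example: authorship check keyed on userCtx.name (not userCtx.author).
// In CouchDB the function would be stored in a design document's
// validate_doc_update field; here it is a plain function so it runs in Node.
function validateAuthorship(newDoc, oldDoc, userCtx) {
  // Server admins carry the "_admin" role, as in the _session output above.
  if (userCtx.roles.indexOf("_admin") !== -1) return;

  // Anonymous requests arrive with name === null (the userCtx quoted in the
  // thread); reject them instead of comparing an author string against null.
  if (userCtx.name === null) {
    throw { unauthorized: "Log in before writing documents." };
  }

  // On update or delete, ownership is decided by the stored revision, so a
  // user cannot take over a document by rewriting its author field.
  if (oldDoc && oldDoc.author && oldDoc.author !== userCtx.name) {
    throw { forbidden: "You may only update documents with author " + userCtx.name };
  }

  // On create or update, the new revision must name the requester as author.
  if (!newDoc._deleted && newDoc.author !== userCtx.name) {
    throw { forbidden: "You may only update documents with author " + userCtx.name };
  }
}

// Helper for the sample run (hypothetical name): "ok" or the rejection kind.
function check(newDoc, oldDoc, userCtx) {
  try {
    validateAuthorship(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    return e.forbidden ? "forbidden" : e.unauthorized ? "unauthorized" : "error";
  }
}

// Constructed user contexts, shaped like the ones shown in the thread.
const anon = { db: "test", name: null, roles: [] };
const alice = { db: "test", name: "alice", roles: [] };
const admin = { db: "test", name: "jchris", roles: ["_admin"] };

console.log(check({ author: "alice" }, null, anon));               // unauthorized
console.log(check({ author: "alice" }, null, alice));              // ok
console.log(check({ author: "alice" }, { author: "bob" }, alice)); // forbidden
console.log(check({ author: "bob" }, { author: "bob" }, admin));   // ok
```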