From: Martin Higham
To: user@couchdb.apache.org
Date: Mon, 1 Aug 2011 18:40:42 +0100
Subject: Re: Implementing Authorization control for Self-Enrollers in a pure Couchapp

Take a look at my example service in github
http://github.com/ocasta/CouchDB-Selfservice

On 1 August 2011 18:19, Jan Wedekind wrote:
> On Tue, Jul 19, 2011 at 02:12, Randall Leeds wrote:
> >
> > > ---------- Forwarded message ----------
> > > From: Alex Aitken
> > > Date: Thu, Jul 14, 2011 at 4:19 PM
> > > Subject: Implementing Authorization control for Self-Enrollers in a pure Couchapp
> > > To: dev@couchdb.apache.org
> > >
> > > What's the best way using CouchDB's built-in authentication/authorization to set up self-enrollers as user type = reader? I understand there's a db/_security object, but not how to edit it/use it/update it... And if admins are the only ones capable of editing roles, how does a self-enrolled user get these assigned?
> > > Thanks for thoughts,
> > > Alex Aitken
> >
> > You can edit the _security object by clicking on "Security..." at the top of the futon page for a database. You should also be able to GET/PUT /database/_security.
> >
> > The rules for updating roles and who can change what about user documents are actually just implemented as a validate_doc_update function in the _users database. Check out /_users/_design/auth. You could special case "readers" for self-enrollment in your deployment.
>
> I am kind of stuck at the same problem. I've looked at /_users/_design/_auth, which was quite insightful, thanks a LOT for that simple comment here.
>
> Alex, do I get correctly that you meant changing the validation functions so that users could set e.g. one specific role "reading" without throwing the error that only the admin may do that? Do you have an example for that?
>
> Many thanks,
> Jan
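The change Randall suggests and Jan asks for (keeping the "only _admin may edit roles" rule in the _users validate_doc_update function, but carving out one role a user may give themselves) as an added, stand-alone example. This is not code from this thread, from CouchDB's own _auth design document, or from the CouchDB-Selfservice project linked above; it models the relevant checks in the same shape CouchDB calls them. Assumptions: the self-enrollment role is named "reader" (the thread says "readers" and "reading"; the name is a deployment choice), password fields are left out of the sample documents, and the `check`, `userDoc` and `examples` helpers plus the sample user contexts are constructed for running the function offline.

```javascript
// Added example, not code from this thread, from CouchDB's _auth design
// document, or from the CouchDB-Selfservice project.  It models a _users
// validate_doc_update with the usual "only _admin may edit roles" rule and
// one self-assignable role carved out for self-enrollment.
// Assumption: the self-enrollment role is called "reader" (pick your own);
// password fields are omitted from the sample documents.

var SELF_ASSIGNABLE_ROLES = ['reader']; // assumed role name

function isAdmin(userCtx) {
  return userCtx.roles.indexOf('_admin') !== -1;
}

// Same signature CouchDB uses: (newDoc, oldDoc, userCtx, secObj).
// Rejections are thrown as {forbidden: ...} (403) or {unauthorized: ...} (401).
function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
  function forbidden(msg) { throw { forbidden: msg }; }
  function unauthorized(msg) { throw { unauthorized: msg }; }

  if (newDoc._deleted === true) {
    // A user may delete only their own document; admins may delete any.
    if (!isAdmin(userCtx) && !(oldDoc && oldDoc.name === userCtx.name)) {
      forbidden('Only _admin or the user may delete a user document.');
    }
    return;
  }

  // Shape checks every user document must pass, whoever writes it.
  if (newDoc.type !== 'user') forbidden('doc.type must be user');
  if (typeof newDoc.name !== 'string' || newDoc.name === '') forbidden('doc.name is required');
  if (newDoc.name.charAt(0) === '_') forbidden('Username may not start with underscore.');
  if (newDoc._id !== 'org.couchdb.user:' + newDoc.name) forbidden('Doc ID must be of the form org.couchdb.user:name');
  if (!Array.isArray(newDoc.roles)) forbidden('doc.roles must be an array');
  if (oldDoc && oldDoc.name !== newDoc.name) forbidden('Usernames may not be changed.');
  for (var i = 0; i < newDoc.roles.length; i++) {
    // Underscore-prefixed roles (_admin etc.) are reserved and never stored here.
    if (typeof newDoc.roles[i] !== 'string' || newDoc.roles[i].charAt(0) === '_') {
      forbidden('No system roles (starting with underscore) in users db.');
    }
  }

  if (isAdmin(userCtx)) return; // admins may make any change that passed the shape checks

  // Non-admins may only touch their own document (signup, oldDoc == null, is allowed).
  if (oldDoc && userCtx.name !== newDoc.name) {
    unauthorized('You may only update your own user document.');
  }

  // Non-admins may add or drop only self-assignable roles; every other role
  // must stay exactly as an admin left it.
  var oldRoles = oldDoc ? oldDoc.roles : [];
  for (i = 0; i < newDoc.roles.length; i++) {
    if (oldRoles.indexOf(newDoc.roles[i]) === -1 &&
        SELF_ASSIGNABLE_ROLES.indexOf(newDoc.roles[i]) === -1) {
      forbidden('Only _admin may grant role "' + newDoc.roles[i] + '".');
    }
  }
  for (i = 0; i < oldRoles.length; i++) {
    if (newDoc.roles.indexOf(oldRoles[i]) === -1 &&
        SELF_ASSIGNABLE_ROLES.indexOf(oldRoles[i]) === -1) {
      forbidden('Only _admin may revoke role "' + oldRoles[i] + '".');
    }
  }
}

// Offline harness (constructed, not part of CouchDB): returns null when the
// update is accepted, otherwise the thrown {forbidden|unauthorized} object.
function check(newDoc, oldDoc, userCtx) {
  try { validate_doc_update(newDoc, oldDoc, userCtx, {}); return null; }
  catch (e) { return e; }
}

// Constructed sample documents and user contexts (password fields omitted).
function userDoc(name, roles) {
  return { _id: 'org.couchdb.user:' + name, type: 'user', name: name, roles: roles };
}
var anon  = { name: null,    roles: [] };
var alice = { name: 'alice', roles: [] };
var admin = { name: 'root',  roles: ['_admin'] };

function examples() {
  return {
    signupAsReader:  check(userDoc('alice', ['reader']), null, anon),                   // null (allowed)
    signupAsEditor:  check(userDoc('alice', ['editor']), null, anon),                   // forbidden
    addReaderSelf:   check(userDoc('alice', ['reader']), userDoc('alice', []), alice),   // null (allowed)
    addEditorSelf:   check(userDoc('alice', ['editor']), userDoc('alice', []), alice),   // forbidden
    editOtherUser:   check(userDoc('bob', ['reader']), userDoc('bob', []), alice),       // unauthorized
    dropAdminRole:   check(userDoc('alice', []), userDoc('alice', ['editor']), alice),   // forbidden
    adminGrants:     check(userDoc('alice', ['editor']), userDoc('alice', []), admin),   // null (allowed)
    adminSystemRole: check(userDoc('alice', ['_admin']), null, admin)                    // forbidden
  };
}
```

To use it, the `validate_doc_update` function goes, as a string, into the design document of the _users database. Two things the function alone does not settle: whether an unauthenticated client may create a document in _users at all is governed by that database's own _security object, and the "reader" role only grants access where a target database's _security object lists that role. Both are worth checking when reviewing a self-enrollment setup, since a loose _users security object plus a permissive validation function is what lets a new account grant itself more than intended.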