On Sun, Jan 24, 2010 at 09:33:02PM -0800, Chris Anderson wrote:
> To round out this list, I think
>
> * Reader ACLs
...
>
> look like they will make it into 0.11.

That's the jchris/readeracl branch presumably?

I was hoping to turn my counter-proposal(*) into code, but I've not had any
time to do so unfortunately.

Regards,

Brian.

(*) which was, in summary:

1. user record has roles like "foo:_reader" or ["foo","_reader"]
2. _anon user has roles of "<db>:_reader" for all public databases
3. you can read database foo only if you have one of
   "foo:_reader", "foo:_admin", "_reader" or "_admin" roles
4. /_all_dbs lists only those databases to which you or _anon have read access
   (but shows every database if you have _reader or _admin roles)
5. userdb validate_doc_update allows someone with "foo:_admin" to add and
   remove roles foo:*. Also "foo:_manager" to add and remove roles foo:*
   apart from foo:_admin