[
https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12930114#action_12930114
]
Filipe Manana commented on COUCHDB-912:
---------------------------------------
Dale, looks a lot better now.
Only 3 things left:
1) For JavaScript code, the CouchDB convention is to use 2 spaces for each
indentation level. Also, the test should probably go into the design_docs.js
file. I don't think such a small test should go into a separate file (others
may disagree);
2) Besides validating the patch, don't you want to make sure the access is only
allowed for GET requests? Because like it is now, it seems to me that anonymous
users are allowed to add (PUT) attachments to the design doc;
3) The is_design_attachment function could still be left out, and instead have
do_db_req/2 like:
case {Anon, RestParts, Req#httpd.method} of
{"true", [ <<"_design">>, _DdocName, <<C:8, _/binary>> | _ ], 'GET'} when C =/=
$_ ->
fun couch_db:open_int/2;
_ ->
fun couch_db:open/2
end
This makes it simple and shorter imho.
Good work!
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch, attachment_permissions.js
>
>
> Right now people need to go through futon in order to login to couchapps
> running on private databases, this is a pretty big limitation on the type of
> couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for
> anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
