On Fri, Aug 26, 2011 at 10:46 PM, Jason Smith <[email protected]> wrote:
> On Sat, Aug 27, 2011 at 10:17 AM, Filipe David Manana
> <[email protected]> wrote:
>> On Fri, Aug 26, 2011 at 8:01 PM, Jason Smith <[email protected]> wrote:
>>> 1. Does this require updating the replicator to update _local docs
>>> correctly?
>>
>> Yes
>>
>>> 2. Only admins can change _security. But anybody with read access can
>>> change _local/*. Does couch special-case _local/security?
>>
>> My preference:
>>
>> _security would become a regular document (just a special id, which
>> starts with underscore).
>
> I vote: _local/security :P
>
> As-is, normal users could change the document (whatever its name).
>
> IMO, it should be a special case. Couch should break its own API a
> little and require an admin to modify it. In other words, the HTTP API
> gets simpler, document update logic gets more complex, for a net-win.
>
>> We can still cache the latest revision in the
>> db header, db updater state, whatever.
>>
>> This _security document (or perhaps any other starting with underscore
>> in the future), would only be replicable if the replication is
>> triggered by some special user with some special role (_admin,
>> _server_admin, whatever).
>>
>> Does it sound simple and satisfy people's needs?
>
> AFAIK, nobody wants security to ever replicate. Some people want to
> manually "sync" them as an application feature.
>
> --
> Iris Couch
>

Close. But I feel really, really dirty requiring admin access to specific documents. Admin write access to _design/* is already dirty enough.
