To detail this better... I mean something to let app devs the chance to produce these kind of views and rewriting rules:
a view emitting such these keys: [["bob",...], ...] [["bob",...], ...] [["alice",...], ...] [["alice",...], ...] or also [["manager",...], ...] [["manager",...], ...] [["author",...], ...] [["author",...], ...] where "bob" and "alice" are user docs in the db, while "manager" and "author" are roles and to define rewriting rules like the following: { "from" : "/userdocs", "to" : "_view/userdocs", "query": { "startkey": [ ":userCtx.name", { } ], "endkey": [ ":userCtx.name", ], "reduce":"false", "descending": "true", "include_docs": "true" } }, or { "from" : "/roledocs", "to" : "_view/roledocs", "query": { "startkey": [ ":userCtx.roles[0]", { } ], "endkey": [ ":userCtx.roles[0]", ], "reduce":"false", "descending": "true", "include_docs": "true" } }, where every ":userCtx.name" and ":userCtx.roles[*]" are rewritten by the _rewrite engine, or better woudl be overwritten to prevent users from providing their own values as query string parameters. Benefits could be: - security at view-level (withouth touching the view engine?!), so app devs won't have to learn a new way of writing views - performance?! Is a view only approach effectively faster than view/list? 2015-05-08 18:21 GMT+02:00 Giovanni Lenzi <g.le...@smileupps.com>: > Hi everyone, > > I would like to write down some ideas I had, because there is high > probability I'm going to forgot them soon :) > > This idea targets a way to implement server-side security by using views > only, instead of view+list. If possible, It may open up a wide range of new > possibilities for app devs. > > Given that views know nothing about userCtx, is it possible to enhance the > _rewrite engine to create/overwrite a reserved dynamic variable, named > ":userCtxName" with the value of userCtx.name? This variable could then be > effectively used within the "to" or "query" rewriting rule attributes, as > example, to perform read ACL at view level directly. > > More generally the question is: can _rewrite engine be improved to include > userCtx concepts? Which could be the drawbacks? > > Ok, ideas finished. I won't bother you anymore. :) > > -- > Giovanni Lenzi > www.smileupps.com > Smileupps Cloud App Store > -- Giovanni Lenzi www.smileupps.com Smileupps Cloud App Store