Hello Clément, I can't really tell you if couchDB is the best fit for your project, but what i CAN tell you is how a colleague and I solved the problem concerning per document authorization.
The application we wrote for our Master's Thesis is a Personal Information Manager for Android. We wanted to implement synch and replication with as little hassle to the user as possible. So we devised a system that at least lets us simulate per-document authorization. What we did was: 1.) Generate a user database on the phone. 2.) Register this user with a small RESTful webservice we wrote 3.) The webservice generates 2 databases at the couchDB server, one that is private and to which only the registered user has access, and (if it doesn't yet exist) a master "repository" database, to wich only the database admin has access 4.) Add replication between user database on the phone and private user database on the server, where you replicate everything. 5.) Next, we write views, that we add to the user-master replication mechanism, so that a.) every document from the private user database gets replicated to the master database b.) every document from the master database that adheres to a specific scheme (in our case we have a property called users, in which every authorized user is listed) is replicated back to the private database That way, we can ensure that the private database of the user only contains documents that he is allowed to see, and every shared document by this user gets replicated automatically to every authorized user. I am aware that there are some solutions similar to this floating around on the net, and you may or may not have already dismissed them as too complicated, but I can assure you, once this system is set up, it works like a charm. If you have any further questions, I would be happy to answer them (at least to the extent of my knowledge ;-) ) Kind regards, Philipp 2011/4/21 Clément Vollet <[email protected]> > Hi, I sent this email yesterday, but it didn't seem to arrive at > destination (I wasn't suscribed at that time). So here I go again: > > Hello everybody, > > First of all, I want to say that I'm quite impressed with couchDB so far > (I didn't know anything about it two days ago...). > > Second, I'd really want to use it for my app (I stumbled upon couchdb > searching for a database that fits my requirements in fact). I managed to > cross a few items off my list, but I'm still not sure couchDB is a good > fit, and my boss wants an answer by tomorrow^W monday. > > So, to summarize what I want to do (it's really simple in fact): I'd > want to be able to have a list of public documents, have a list of tags > definition (name, default value, possible values...), and then users can > *privately* tag those documents. So, the items and the tag definitions > are public, the tag values are private. And finally, I'd like to be able > to have stats on those values, like XX% of the users used the same value > for this document and this tag. > > And that's it. It would be in a phone app, and I'd really like to use > replication to have a client cache for values and an offline mode. There > would of course also be a central server for bootstrap, updates, > reliability, ... > > So, CouchDB seems like a really good fit, but I'm stuck on the privacy > thing. What I came with so far, was to have separate documents for > items, tags, and tag values, but how can I make sure only the user who > wrote the value can read it without per document authorization (I > already read the wiki page about that, but none of the solution seems > ideal)? > > Best regards, > > Clément > >
