can views accept parameters? like a username to check permissions for? On Wed, Jul 25, 2018 at 11:48 AM Rene Veerman <[email protected]> wrote:
> and how about using custom users and groups (roles) tables, combined with > view functions that query permissions settings in docs? > that way my CMS' users and groups stay seperate from couchdb's, which can > be seen as a plus, i think. > but i am worried about accesses to my couchdb using credentials found in > my javascript and accesses of the data without using the assigned view > functions. > > i'm not sure db-per-user has been properly debugged already; it was broken > in 2.10 and the current version is 2.1.2 > > On Tue, Jul 24, 2018 at 9:45 PM Jan Lehnardt <[email protected]> wrote: > >> On top of what Joan mentioned, we’re planning per-doc permissions >> for 3.0, but it’s ways out, so don’t wait for it. But if db-per-user >> is good enough for now, you’ll be able to upgrade to the new model >> later. >> >> Best >> Jan >> — >> >> > On 24. Jul 2018, at 20:34, Joan Touzet <[email protected]> wrote: >> > >> > Right now, there is no document-level security in CouchDB unless you >> enforce >> > it yourself using a proxy server of some sort. You can then enable the >> proxy >> > authentication solution in CouchDB and handle all of the permissions >> yourself. >> > >> > Note that this breaks down if you want to allow end users to replicate >> to and >> > from the databases, or use the bulk endpoints. VDU functions generally >> aren't >> > sufficient to enforce detailed levels of modifications to documents. >> > >> > You'll want to look into the database-per-user approaches for CouchDB, >> > including the built-in "couch_peruser" functionality we provide. This >> lets you >> > have a single database per user, and use the power of replication to >> replicate >> > that user's data to (or from) a central database for later analytics >> work if >> > you need. >> > >> > -Joan >> > >> > ----- Original Message ----- >> > From: "Rene Veerman" <[email protected]> >> > To: [email protected] >> > Sent: Tuesday, July 24, 2018 1:56:28 PM >> > Subject: permissions specific to each document? >> > >> > is this possible in couchdb? >> > >> > suppose i have a database 'tree node data', >> > and several roles defined in the couchdb. >> > >> > i'd like to be returned only those tree node documents that the current >> > user may access. >> > >> > in general, i'd like to outsource my entire CMS' users and roles and >> > permissions system to couchdb. is this possible, and if so, what's the >> best >> > way to go about it? >> >> -- >> Professional Support for Apache CouchDB: >> https://neighbourhood.ie/couchdb-support/ >> >>
