ok.. after installing CORS, i can now query stored couchdb views using
pouchdb.
and i can keep my couchdb safe using the reverse proxy features of nginx.
i'll use pouchdb mirror to keep the traffic to the couchdb low,
but for this permissions thing i have one final hurdle to clear :
you pass parameters to a view using pouchdb's 'key' parameter, like so :
var db = new PouchDB('http://rene:notrevealed@localhost
:5984/sa_tree');
db.query('treeUsername/treeUsername', {key : 'rene'}).then(function
(result) {
debugger;
}).catch(function (err) {
// handle any errors
debugger;
});
but suppose you have permissions listed as such in a document :
"permissions": {
"groups_read": [ "administrators" ],
"groups_write": [ "administrators" ],
"groups_delete": [ "administrators" ],
"users_read": [ "rene" ],
"users_write": [ "rene" ],
"users_delete": [ "rene" ]
}
then what would you emit in the view's map function?
ideally, i would be able to check with a single view, any of the
permission's fields (groups_read, etc) if it contains a specific user or
group..
i have no clue how to do that with an emit statement instead of being able
to pass parameters directly into the view function. in the latter case, i
could just use permissions.users_read.indexOf('rene')===-1 to determine
that 'rene' is not in permissions.users_read
can someone please please explain to me how to do this with the emit() and
key: architecture?
On Wed, Jul 25, 2018 at 8:37 PM Rene Veerman <[email protected]>
wrote:
> ok how would i do that in pouchdb .query() and .find() ?
>
> can't find it anywhere in the docs :(
>
> On Wed, Jul 25, 2018 at 6:58 PM Joan Touzet <[email protected]> wrote:
>
>> Yes, as can Mango queries, which are faster and easier to use.
>>
>> ----- Original Message -----
>> From: "Rene Veerman" <[email protected]>
>> To: [email protected]
>> Sent: Wednesday, July 25, 2018 6:43:19 AM
>> Subject: Re: permissions specific to each document?
>>
>> can views accept parameters? like a username to check permissions for?
>>
>> On Wed, Jul 25, 2018 at 11:48 AM Rene Veerman <[email protected]>
>> wrote:
>>
>> > and how about using custom users and groups (roles) tables, combined
>> with
>> > view functions that query permissions settings in docs?
>> > that way my CMS' users and groups stay seperate from couchdb's, which
>> can
>> > be seen as a plus, i think.
>> > but i am worried about accesses to my couchdb using credentials found in
>> > my javascript and accesses of the data without using the assigned view
>> > functions.
>> >
>> > i'm not sure db-per-user has been properly debugged already; it was
>> broken
>> > in 2.10 and the current version is 2.1.2
>> >
>> > On Tue, Jul 24, 2018 at 9:45 PM Jan Lehnardt <[email protected]> wrote:
>> >
>> >> On top of what Joan mentioned, we’re planning per-doc permissions
>> >> for 3.0, but it’s ways out, so don’t wait for it. But if db-per-user
>> >> is good enough for now, you’ll be able to upgrade to the new model
>> >> later.
>> >>
>> >> Best
>> >> Jan
>> >> —
>> >>
>> >> > On 24. Jul 2018, at 20:34, Joan Touzet <[email protected]> wrote:
>> >> >
>> >> > Right now, there is no document-level security in CouchDB unless you
>> >> enforce
>> >> > it yourself using a proxy server of some sort. You can then enable
>> the
>> >> proxy
>> >> > authentication solution in CouchDB and handle all of the permissions
>> >> yourself.
>> >> >
>> >> > Note that this breaks down if you want to allow end users to
>> replicate
>> >> to and
>> >> > from the databases, or use the bulk endpoints. VDU functions
>> generally
>> >> aren't
>> >> > sufficient to enforce detailed levels of modifications to documents.
>> >> >
>> >> > You'll want to look into the database-per-user approaches for
>> CouchDB,
>> >> > including the built-in "couch_peruser" functionality we provide. This
>> >> lets you
>> >> > have a single database per user, and use the power of replication to
>> >> replicate
>> >> > that user's data to (or from) a central database for later analytics
>> >> work if
>> >> > you need.
>> >> >
>> >> > -Joan
>> >> >
>> >> > ----- Original Message -----
>> >> > From: "Rene Veerman" <[email protected]>
>> >> > To: [email protected]
>> >> > Sent: Tuesday, July 24, 2018 1:56:28 PM
>> >> > Subject: permissions specific to each document?
>> >> >
>> >> > is this possible in couchdb?
>> >> >
>> >> > suppose i have a database 'tree node data',
>> >> > and several roles defined in the couchdb.
>> >> >
>> >> > i'd like to be returned only those tree node documents that the
>> current
>> >> > user may access.
>> >> >
>> >> > in general, i'd like to outsource my entire CMS' users and roles and
>> >> > permissions system to couchdb. is this possible, and if so, what's
>> the
>> >> best
>> >> > way to go about it?
>> >>
>> >> --
>> >> Professional Support for Apache CouchDB:
>> >> https://neighbourhood.ie/couchdb-support/
>> >>
>> >>
>>
>
