Hi, Am Sa., 12. Okt. 2019 um 11:31 Uhr schrieb Sebastien <[email protected]>:
> > At first I thought about implementing a sort of filtered replication of > _users to the clients so that they could have a local copy of the set of > users that they might need to interact with (e.g., user A would need to > have a subset of the information of users B, C and D locally so that he can > mention them, but should not have any information about users E and F). I would consider to differentiate between a person and an account (basically just username/password, maybe a password reset email which might differ from the visible email, ...), a user being a person with an account. That way, each database could have a copy of the persons with their information to enable mentioning the other person. I don't think it's a good idea to share the account data, containing the password hash with other users. A weak password is easy to brute force no matter how strong the hash is and people use weak passwords. > I also through about copying the user information subset in each database, > depending on who's a member, but that means additional logic upon each user > modification.. > > Is this doable in some way using only Couch or should I introduce a > middle-man between Couch and pouch to handle this access and the filtering? Didn't think this completely through, but I would introduce one (server side) database as authority for persons and have filtered replications from that to the other users databases. Depending on how many databases/usergroups you have you might get away with just replicating (filtered) persons from each database to each other database but i think this is only viable for a few databases/groups. This also depends on how users edit their personal information, does this happen in those shared databases, do they currently modify their _users document and send it to couchdb "online"? regards, Stefan
