On Aug 2, 2009, at 5:10 AM, "Jason Davies (JIRA)" <[email protected]>
wrote:
[ https://issues.apache.org/jira/browse/COUCHDB-441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12738023#action_12738023
]
Jason Davies commented on COUCHDB-441:
--------------------------------------
Nice work Paul! One thing I noticed about your patch is that
_update expects a JSON body in the request. Can we remove this
requirement and make it so the function signature is simply (doc,
req, userCtx)? In my oauth branch I've modified
couch_httpd_external.erl to always populate req.userCtx so the
function signature will be even shorter when this gets merged.
Then we can do fun things like handle XML bodies in the request.
Had not contemplated that. If we go that direction then we'll probably
want to not have the docid in the URL as well. I'm not opposed so what
ever general consensus is is fine with me.
Finally implement pre-write-doc-edit handlers.
----------------------------------------------
Key: COUCHDB-441
URL: https://issues.apache.org/jira/browse/COUCHDB-441
Project: CouchDB
Issue Type: Improvement
Components: HTTP Interface
Affects Versions: 0.10
Reporter: Curt Arnold
Fix For: 0.10
Attachments: COUCHDB-441.patch
It would be useful for auditing to have the identity of the user
who inserted a new revision and the timestamp of the operation to
be inserted in the document in the same way that the new revision
number is.
Doing this at the application level is not adequate since it would
be readily spoofable and would bypass the authentication handler.
There is a comment in couch_db:update_docs about generating new
revision ids, but I couldn't quite comprehend what specific code
was responsible for inserting the id into the document.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
