On Mon, Sep 20, 2010 at 12:34 AM, Randall Leeds <[email protected]> wrote: > On Thu, Sep 9, 2010 at 12:19, James Jackson <[email protected]> wrote: >> Hi all, >> >> Moving this from the users forum, as it appears what I'm after isn't >> currently available. For the security model I with to implement in a >> production CouchDB cluster, I would like to be able to force a field to be >> written to all docs based on the user context. The _update functionality is >> not what I am after as it requires the user to actually call it when writing >> a document (means security could be got-around by not calling this, and >> setting the required field in the passed document to something arbitrary, >> which would then not get caught by a validation function), and can't modify >> a document which is passed to it (as far as I can tell it can only modify >> existing documents, or create new ones). > > Is the rewrite handler powerful enough to force normal PUT operations > to go through an _update function? Would this break replication? Just > a quick, off-the-cuff thought. > A _rewrite rule can have a `method` property. So you can redirect differently based on the request method (GET, POST, PUT, ...). So yes, it's eventually possible to mimic the CouchDB api behind a _rewrite/ .
- benoit
