On 27 Apr 2011, at 14:56, Kevin R. Coombes wrote: > So it would be possible to have access to a view that allows you see a doc > that you don't have permission to see? Or am I misinterpreting something?
That was my question, but Benoit basically said "no". His approach is to disallow access of a view that is defined in a design document that you have no permission to read. Cheers Jan -- > > On 4/27/2011 4:43 PM, Benoit Chesneau wrote: >> On Wed, Apr 27, 2011 at 11:33 PM, Jan Lehnardt<[email protected]> wrote: >>> On 27 Apr 2011, at 03:36, Benoit Chesneau wrote: >>> >>>> I'm thinking to add simple permissions handling to a doc by using >>>> _uid, _gid, _mod members to a doc where members are defined like this: >>>> >>>> _uid: user owning the doc >>>> _gid: group owning the doc >>>> _mod: octal number, doc mode bits corresponding to chmod(1) values. >>>> >>>> By doing this and if enable in settings we could do simple acl >>>> handling like a file system when getting doc. access to views would be >>>> handled by the access to the design doc containing them. >>>> >>>> thoughts? >>> http://mail-archives.apache.org/mod_mbox/couchdb-dev/201010.mbox/%[email protected]%3e >>> >>> How does this address the issue where a reduced value doesn't have an ACL >>> associated with it? >>> >>> Cheers >>> Jan >>> -- >> you can't access to the view or reduce if yu don't have access to the >> design doc in my design. So we don't try to check permissions for each >> docs. >> >> - benoƮt
