On 4/27/2011 5:48 PM, Jan Lehnardt wrote:
On 27 Apr 2011, at 15:43, Randall Leeds wrote:
On Wed, Apr 27, 2011 at 15:30, Jan Lehnardt<[email protected]> wrote:
On 27 Apr 2011, at 14:56, Kevin R. Coombes wrote:
So it would be possible to have access to a view that allows you see a doc that
you don't have permission to see? Or am I misinterpreting something?
That was my question, but Benoit basically said "no". His approach is to
disallow access of a view that is defined in a design document that you have no
permission to read.
Cheers
Jan
I think the answer is actually "yes". If you can see the design
document you can see everything the view emits, even if it came from a
document you can't view.
Hm, I was thinking that the view updater would match the design doc acl against
the doc acl when the view is created and exclude it if it doesn't match up for
reads.
Cheers
Jan
I think the real question is whether this puts the burden on the writer
of the view (to make sure that he doesn't emit a document that should be
protected) or whether Benoit's plan implies that the couch server would
enforce the protections for you which is what I think your answer implies).
