Huh... On Feb 10, 2012 7:01 PM, "Jason Smith" <[email protected]> wrote: > > On Sat, Feb 11, 2012 at 3:06 AM, Randall Leeds <[email protected]> wrote: > > On Feb 9, 2012 6:09 PM, "Randall Leeds" <[email protected]> wrote: > >> > >> On Thu, Feb 9, 2012 at 17:48, Jason Smith <[email protected]> wrote: > >> > Hi, Noah. When I saw it hit Git, I realized it was a breaking change, > >> > and I asked around. If memory serves, Randall happened to be on at the > >> > time and he asked me the same question you just did. I said I never > >> > saw an RFC email and that's when he realized it was not done publicly. > >> > >> I was aware the entire time, but I think the motivation is sound and > >> it needed to be done. A couple committers spoke up to say we didn't > >> think it was sensitive enough to warrant the private discussion but > >> ultimately there was broad consensus on the implementation and the > >> change itself. One of those (let us all celebrate) extremely rare > >> times where there wasn't opportunity for broad community input. > >> > >> Creating a view on _users that pulls the relevant parts of a user > >> document out is the way forward for public profiles, I think. > >> If someone would write a blog post showing how that works it'd be > >> great. In retrospect this would have been a great thing to do weeks > >> ago. Lesson learned. > > > > Just to be clear I don't want to dismiss your concerns. If you believe this > > needs a config option rather than just documentation now is a good time to > > speak up loudly since the vote was aborted. > > Thanks. I am concerned. To me, the change is noteworthy but not a showstopper. > > I tested your suggestion, however I do not think it is possible. > Non-admins cannot access a view.
That's news to me. I didn't catch that before. Is this necessary for any reason? Shouldn't the design actions themselves enforce whatever they need to? > > $ curlp http://admin:admin@localhost:5984/_users/_design/public -d > '{"views":{"all":{"map":"function(doc) { emit(doc._id, doc) }"}}}' > {"ok":true,"id":"_design/public","rev":"1-f605d1ea7825645132f54a91a76a1ddc"} > > $ curl -i http://user:user@localhost:5984/_users/_design/public/_view/all > HTTP/1.1 403 Forbidden > Server: CouchDB/1.2.0 (Erlang OTP/R15B) > Date: Sat, 11 Feb 2012 02:57:43 GMT > Content-Type: text/plain; charset=utf-8 > Content-Length: 102 > Cache-Control: must-revalidate > > {"error":"forbidden","reason":"Only admins can access design document > actions for system databases."} > > -- > Iris Couch
