janl edited a comment on issue #1554: Additional Mango-based update handler / VDU functionality
URL: https://github.com/apache/couchdb/issues/1554#issuecomment-412794194

I really like where this is going, great first draft!

Quick initial notes up top:

- I like the unification of VDU and _update into one thing that is logically “stuff that happens before a doc hits the db.”
- I’d leave out `queries` in this example, this would open up having to handle cluster network errors on the doc write path. We can revisit this at a later point, the current design here allows for an easy extension later on. I think it’ll simplify the already complex discussions required for a baseline feature (which I’m going to extend shortly).

One further aspect that we should discuss is the other use of VDUs. To recap, VDUs are used to enforce document schema (this is handled in this draft) and authorisation, where we check doc contents against the context of `ctx`.

http://docs.couchdb.org/en/stable/ddocs/ddocs.html#vdufun

For example:

```js
function (newDoc, oldDoc, userCtx) {
  // in an authenticated request, userCtx.name is the authenticated username
  // so we can (oldDoc is null when the doc is first created):
  if (oldDoc && oldDoc.author != userCtx.name) {
    throw({ forbidden: 'you can’t update other user’s docs.' })
  }
}
```

[`userCtx` Definition](http://docs.couchdb.org/en/stable/json-structure.html#userctx-object)

In addition, there is a fourth parameter, the `secObj`, which is the database’s [`_security` object](http://docs.couchdb.org/en/stable/json-structure.html#security-object)

```js
function (newDoc, oldDoc, userCtx, secObj) {
  if (secObj.members.names.indexOf(userCtx.name) === -1) {
    throw({ forbidden: 'you can’t update if you’re not a member.' })
    // contrived example, you wouldn’t get to this part in the first place,
    // because the _security check comes first, but you should get what is meant
  }
}
```

We could argue that this could coincide with the [security overhaul](https://github.com/apache/couchdb/issues/1504), which would take care of any authentication, and I’m happy to discuss this separately if needed, I just wanted to bring this up.

Maybe the draft can be amended, so `fields` becomes `schema`, and we introduce `authorisation` as a new top level field:

```js
{
  "fields": {
    "whitelist": ["type", "datetime", "ip_address", "station_name", "temperature", "RH%", "rain_gauge", "wind.speed", "wind.direction", "light", "battery.voltage", "battery.current", "line.voltage", "line.current", "solar.voltage", "solar.current", "register_total"],
    "blacklist": ["battery.wattage", "rain_gauge.*"],
    "formats": {
      "type": ["sensor_reading"],
      "datetime": {
        "$or": {
          "$format": "$iso8601",
          "$format": "$unixepoch",
          "$regex": "(\\d{2})-(\\d{2})-(\\d{2}) (\\d{2}):(\\d{2}):(\\d{2})"
        }
      },
      "battery.voltage": "$float",
      "battery.current": "$float",
      "register_total": { "$regex": "^\\$\\d{1,9}\\.\\d{2}$" },
      "wind.direction": {"$or": ["N", "NE", "E", "SE", "S", "SW", "W", "NW"]}
      ...
    }
  },
  "authorisation": [
    {
      "author": { "$eq" : "$userCtx.name" },
      "throw": "you can’t update other user’s docs."
    }
  ]
}
```

where the line `"throw": "you can’t update other user’s docs."` is equivalent to the `throw({ forbidden: 'you can’t update other user’s docs.' })`-line from the first example above.

`$secObj` would work similarly.
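As an added illustration (not part of the comment above and not CouchDB code), here is one way the proposed declarative `authorisation` rules could be evaluated so that they behave like the first VDU function. The function names, the choice to check `newDoc` on creation, and the fail-closed handling of unknown operators and unresolved references are assumptions; only `$eq`, `$userCtx` and `$secObj` come from the draft.

```javascript
// Added example: hypothetical evaluator for the draft's "authorisation" rules.
// Rule semantics, function names and sample data are assumptions.

// Resolve "$userCtx.x" / "$secObj.x.y" references; other values are literals.
function resolveRef(value, ctx) {
  if (typeof value !== 'string') return value;
  const m = /^\$(userCtx|secObj)\.(.+)$/.exec(value);
  if (!m) return value;
  return m[2].split('.').reduce(
    (obj, key) => (obj == null ? undefined : obj[key]), ctx[m[1]]);
}

// Only "$eq" appears in the draft. A reference that resolves to null or
// undefined (anonymous user, mistyped path) never matches: fail closed.
const OPERATORS = {
  $eq: (actual, expected) => expected != null && actual === expected,
};

// Throws { forbidden: ... } like a VDU when a rule's condition does not hold.
function checkAuthorisation(rules, newDoc, oldDoc, userCtx, secObj) {
  const ctx = { userCtx, secObj };
  const doc = oldDoc || newDoc; // assumption: on create, check the new doc
  for (const rule of rules) {
    const { throw: message, ...conditions } = rule;
    for (const [field, cond] of Object.entries(conditions)) {
      for (const [op, operand] of Object.entries(cond)) {
        const test = OPERATORS[op];
        if (!test) throw { forbidden: 'unsupported operator ' + op };
        if (!test(doc[field], resolveRef(operand, ctx))) throw { forbidden: message };
      }
    }
  }
}

// Returns "ok" or the forbidden message.
function verdict(rules, newDoc, oldDoc, userCtx, secObj) {
  try {
    checkAuthorisation(rules, newDoc, oldDoc, userCtx, secObj);
    return 'ok';
  } catch (e) {
    return e.forbidden;
  }
}

// Constructed input: the draft's rule, a made-up document and two users.
const RULES = [{ author: { $eq: '$userCtx.name' },
                 throw: 'you can’t update other user’s docs.' }];
const stored = { _id: 'reading-1', author: 'alice' };
console.log(verdict(RULES, stored, stored, { name: 'alice' }, {}));
console.log(verdict(RULES, stored, stored, { name: 'bob' }, {}));
```

Because `$eq` rejects a null or undefined right-hand side, an anonymous request (`userCtx.name` is `null`) cannot pass by targeting a document that has no `author` field.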
