mikerhodes commented on issue #1554: Additional Mango-based update handler / VDU functionality
URL: https://github.com/apache/couchdb/issues/1554#issuecomment-412856429

@janl should your JSON snippet be (i.e., with the `schema` and `authorization` top level fields):

```
{
  "schema": {
    "whitelist": [
      "type",
      "datetime",
      "others....."
    ],
    ...
  },
  "authorization": [
    {
      "author": { "$eq": "$userCtx.name" },
      "throw": "you can’t update other user’s docs."
    }
  ]
}
```

Also, I used American spelling for "authorization".

Suggestion:

- I think for clarity, splitting out the selector and action in the authorization field as @wohali suggests means you can avoid the ambiguity of field name vs. processing instruction. Collapsing them together feels confusing to me.

Questions:

- What would happen when replicating to older db versions that don't understand some part of the validation (e.g., didn't understand `formats` part of `schema`)? Be lenient (ignore bits not understood) or strict (fail validation when can't process the whole set of instructions)?
- There's an information leak possible: write-only users can discern document shape by observing error messages for schema.
  - Perhaps an optional `throw` clause which would allow the user to override default error to prevent this leakage.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
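The information-leak point in the comment above, as an added example that is not part of the comment or of CouchDB's code: a hand-written JavaScript `validate_doc_update`-style function applies the whitelist and author rule, once with a detailed schema error and once with an overriding message. The `RULES` layout, the `throw` key under `schema`, and the helpers `makeVdu` and `rejection` are assumptions made for illustration.

```javascript
// Constructed rules mirroring the snippet in the comment; the "throw" key
// under "schema" is a hypothetical override, not an existing CouchDB feature.
const RULES = {
  schema: { whitelist: ["type", "datetime", "author"] },
  authorization: [
    { field: "author", throw: "you can't update other user's docs." }
  ]
};

// Build a validate_doc_update-style function from the rules (hypothetical helper).
function makeVdu(rules) {
  return function (newDoc, oldDoc, userCtx, secObj) {
    const allowed = rules.schema.whitelist;
    const extra = Object.keys(newDoc).filter(
      (k) => k[0] !== "_" && !allowed.includes(k)
    );
    if (extra.length > 0) {
      // The default message names rejected and allowed fields: this is the leak.
      const detailed = "unexpected field(s) " + extra.join(", ") +
        "; allowed: " + allowed.join(", ");
      throw { forbidden: rules.schema.throw || detailed };
    }
    for (const rule of rules.authorization) {
      if (newDoc[rule.field] !== userCtx.name) {
        throw { forbidden: rule.throw };
      }
    }
  };
}

// Run a VDU and return the error a client would see, or null when accepted.
function rejection(vdu, doc, user) {
  try {
    vdu(doc, null, { name: user, roles: [] }, {});
    return null;
  } catch (e) {
    return e.forbidden;
  }
}

const leaky = makeVdu(RULES);
const quiet = makeVdu({
  ...RULES,
  schema: { ...RULES.schema, throw: "document rejected." }
});
// Constructed sample document carrying one field outside the whitelist.
const sample = { _id: "d1", type: "note", author: "alice", extraField: 1 };
console.log(rejection(leaky, sample, "alice")); // lists the allowed fields
console.log(rejection(quiet, sample, "alice")); // reveals nothing about shape
```

With the override in place the rejection still happens, but the response no longer enumerates the schema to a user who cannot read documents.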
