arturog commented on PR #4673: URL: https://github.com/apache/couchdb/pull/4673#issuecomment-1710208649
> We currently have validate_doc_update where you can implement any kind of write control logic, but no equivalent for reads (or view queries besides the deprecated _list option). If Javascript were evaluated more efficiently (c.f, the quickjs embedding idea) we might add that. We implemented a fork of CouchDB with exactly that (a `validate_doc_read`), with code written in Erlang. We also added our own `validate_doc_write` in Erlang before the JS one kicks in. If extended, I believe it can provide not only this feature, but much more. Also, the issue of leaking out data in indices (specially to the lucene index) lead me to limit indexing to only public fields -- so the field-access was also born. Indices in CouchDB were kept untouched, and though all views had the full set of `_id`s, on document access (or requesting the full document via views), you would get `<unauthorized>`. Our implementation was not meant to present a "subset" of documents, but instead control access to the document. Perhaps the requirement to present a *subset* of the database needs to be revisited? If this requirement were to be dropped, things might become easier. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
