Following up on this... I couldn't find any details on the userCtx parameter. All Google searches led to Chris Anderson's post (http://jchrisa.net/drl/_design/sofa/_show/post/couchdb_edge__security_and_vali), which doesn't go into details.
Google led me to the Erlang code that generates the userCtx parameter (http://svn.apache.org/viewvc/couchdb/branches/rep_security/src/couchdb/couch_db.erl?view=markup). I don't have the Erlang fluency to decipher the purpose of the first three definitions of validate_doc_update, but the fourth definition seems to create a json string with the properties of db, name, and roles.

    validate_doc_update(#db{user_ctx=UserCtx, admins=Admins},
            #doc{id= <<"_design/",_/binary>>}, _GetDiskDocFun) ->
        UserNames = [UserCtx#user_ctx.name | UserCtx#user_ctx.roles],
        % if the user is a server admin or db admin, allow the save
        case length(UserNames -- [<<"_admin">> | Admins]) == length(UserNames) of
        true ->
            % not an admin
            {unauthorized, <<"You are not a server or database admin.">>};
        false ->
            ok
        end;
    validate_doc_update(#db{validate_doc_funs=[]}, _Doc, _GetDiskDocFun) ->
        ok;
    validate_doc_update(_Db, #doc{id= <<"_local/",_/binary>>}, _GetDiskDocFun) ->
        ok;
    validate_doc_update(#db{name=DbName,user_ctx=Ctx}=Db, Doc, GetDiskDocFun) ->
        DiskDoc = GetDiskDocFun(),
        JsonCtx = {[{<<"db">>, DbName},
                {<<"name">>,Ctx#user_ctx.name},
                {<<"roles">>,Ctx#user_ctx.roles}]},
        try [case Fun(Doc, DiskDoc, JsonCtx) of
                ok -> ok;
                Error -> throw(Error)
            end || Fun <- Db#db.validate_doc_funs],
            ok
        catch
            throw:Error ->
                Error
        end.

I logged a for-n loop over userCtx in the "validate_doc_update" view function and got these names, values, and types:

    db=test_database (string)
    name=null (object) <--
    roles=_admin (object) <-- probably an array?

Anyone know where the value for "name" comes from, and how the "roles" values are generated?

-Sam

On Fri, Apr 10, 2009 at 2:46 PM, Samuel Wan <[email protected]> wrote:
> Oops, replied before receiving your answer. Thanks for explaining!
>
> -Sam
>
> On Fri, Apr 10, 2009 at 2:45 PM, Samuel Wan <[email protected]> wrote:
>> I found the answer on the Safari Books Online website:
>>
>> http://my.safaribooksonline.com/9780596158156/I_section3_d1e2107
>>
>> "The validate_doc_update function gets executed for each document you
>> want to create or update [....] If you have multiple design documents
>> each with a validate_doc_update function, all of those functions are
>> called upon each incoming write request."
>>
>> -Sam
>>
>>
>> On Fri, Apr 10, 2009 at 2:31 PM, Samuel Wan <[email protected]> wrote:
>>> Thanks for the pointers, Patrick!
>>>
>>> Is the "validate_doc_update" a special function that CouchDB looks for
>>> when processing a PUT request? If the design document contains the
>>> validation function, but you're updating a regular document, how will
>>> CouchDB know which design document contains the validation function to
>>> run?
>>>
>>> -Sam
>>>
>>> On Fri, Apr 10, 2009 at 12:27 PM, Patrick Antivackis
>>> <[email protected]> wrote:
>>>> Hi Samuel,
>>>> No real doc nor wiki yet.
>>>> What is implemented already is administrator access and update validation.
>>>> Reader access nothing yet.
>>>>
>>>> About update validation, the only reliable source is the test suite:
>>>> http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/security_validation.js?view=markup
>>>>
>>>> About administrator you have a light wiki info there:
>>>> http://wiki.apache.org/couchdb/Setting_up_an_Admin_account
>>>>
>>>> Hope you will find what you need
>>>>
>>>>
>>>> 2009/4/10 Samuel Wan <[email protected]>
>>>>
>>>>> Hi all,
>>>>>
>>>>> I waited for security support in CouchDB 0.9 before jumping back in,
>>>>> and saw Administrator Access, Reader Access, and Update Validation
>>>>> features mentioned at http://couchdb.apache.org/docs/overview.html.
>>>>> Where can I find the most recent information on CouchDB's security
>>>>> support, and ways to implement authentication and authorization?
>>>>>
>>>>> I found a 5-month old post here, but wasn't sure how much had changed:
>>>>>
>>>>> http://jchrisa.net/drl/_design/sofa/_show/post/couchdb_edge__security_and_vali
>>>>>
>>>>> Any hints on where to look would be much appreciated.
>>>>>
>>>>> -Sam
>>>>>
>>>>
>>>
>>
>
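
An added example, not part of the original thread and not CouchDB's own code: a JavaScript model of the four validate_doc_update clauses quoted in the top message, showing how the db, name and roles fields of userCtx are built and how a validation function can use them. The `author` field, `requireAuthor`, `makeDb` and the shape of the `db` object are assumptions made for illustration.

```javascript
// Added illustration: models the Erlang dispatch quoted in the thread.
// `db` is a constructed stand-in for the #db record, not a CouchDB API.

// A sample validation function as it would sit in a design document.
// The `author` field is hypothetical.
function requireAuthor(newDoc, oldDoc, userCtx) {
  if (userCtx.roles.indexOf("_admin") !== -1) return; // admins may write anything
  if (!userCtx.name) throw { unauthorized: "Please log in." };
  if (newDoc.author !== userCtx.name)
    throw { forbidden: "author must match the logged-in user." };
  if (oldDoc && oldDoc.author !== userCtx.name)
    throw { forbidden: "You may only update your own documents." };
}

// Mirrors the four validate_doc_update clauses, in the same order.
function validateDocUpdate(db, doc, getDiskDoc) {
  const ctx = db.userCtx;
  if (doc._id.startsWith("_design/")) {
    // Clause 1: design docs need the _admin role or a db admin name/role.
    const names = [ctx.name, ...ctx.roles];
    const admins = ["_admin", ...db.admins];
    return names.some((n) => admins.includes(n))
      ? "ok"
      : { unauthorized: "You are not a server or database admin." };
  }
  if (db.validateDocFuns.length === 0) return "ok"; // clause 2: nothing to run
  if (doc._id.startsWith("_local/")) return "ok";   // clause 3: local docs skip checks
  // Clause 4: this object is what the function receives as userCtx.
  const jsonCtx = { db: db.name, name: ctx.name, roles: ctx.roles };
  const diskDoc = getDiskDoc();
  try {
    for (const fun of db.validateDocFuns) fun(doc, diskDoc, jsonCtx);
    return "ok";
  } catch (err) {
    return err; // the first failing function decides the outcome
  }
}

// Constructed database state; (null, ["_admin"]) matches the values logged above.
function makeDb(name, roles) {
  return { name: "test_database", admins: [], validateDocFuns: [requireAuthor],
           userCtx: { name, roles } };
}
```

With `makeDb(null, ["_admin"])` every write passes, which is why a validation function tested without a logged-in, non-admin user appears to allow everything.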
