I keep running into a few recurring themes that make couchapps just not scale for me. I believe that with just a few extra CouchDB features, the couchapp model could scale to encompass ANY web application.
The missing feature that is currently bumming me out is the lack of a writers section in the _security object of a database. Here are a few examples where I've wanted this feature: 1. User feedback. I'd love to just throw up a simple couchapp with a database that anyone can write to, but only certain users (or a certain role) can read from. I can't do this currently because if a user can write to a given database, they can also read from that database. 2. A sort of voting feature on an app where users should be able to cast their votes, but not see other users' votes. I can easily ensure that each user only gets one vote in the validation by making sure the _id on the vote document matches the user's id. Here I have the same problem as the previous example. But Also, I can't *really* constrain each user to just one vote because if the user can write to the database, then they are an admin and they can change the design doc such that it no longer limits them to one vote. Then they can vote arbitrarily many times. 3. A messaging system where anyone can write to anyone else's message database, but not read each others' messages. This is a more general case of the first example. I know that I can implement all of these things if I use some kind of middleware, but it pains me to add additional complexity just for a feature that I believe should be built-in. I also don't want to leave the couchapp model, because I believe that once I've thrown middleware in front of couch, it loses its biggest advantage (in my use cases) over its competitors: i'm no longer querying it directly from the client. I would love to see the writers section of _security implemented. In fact, I've been trying to find a way to contribute to CouchDB, and I might take a whack at implementing this feature myself. Would others find this feature useful? Is such a feature already on the way? Are there other ways (besides middleware) of getting these features that I'm too dense to have thought of? :P --Jonathan
