On Tue, Jul 19, 2011 at 02:12, Randall Leeds <[email protected]>wrote:
> > ---------- Forwarded message ---------- > > From: Alex Aitken <[email protected]> > > Date: Thu, Jul 14, 2011 at 4:19 PM > > Subject: Implementing Authorization control for Self-Enrollers in a > > pure Couchapp > > To: [email protected] > > > > > > What's the best way using CouchDB's built-in > > authentication/authorization to set up self-enrollers as user type = > > reader? I understand there's a db/_security object, but not how to > > edit it/use it/update it... And if admins are the only ones capable > > editing roles, how does a self-enrolled user get these assigned? > > Thanks for thoughts, > > Alex Aitken > > You can edit the _security object by clicking on "Security..." at the > top of the futon page for a database. You should also be able to > GET/PUT /database/_security. > > The rules for updating roles and who can change what about user > documents are actually just implemented as a validate_doc_update > function in the _users database. > Check out /_users/_design/auth. You could special case "readers" for > self-enrollment in your deployment. > I am kind of stuck at the same problem. I've looked at /_users/_design/_auth, which was quite insightful, thanks a LOT for that simple comment here. Alex, do I get correctly that you meant changing the validation functions so that users could set e.g. one specific role "reading" without throwing the error that only the admin may do that? Do you have an example for that? Many thanks, Jan
