You can achieve this with an update handler (http://wiki.apache.org/couchdb/Document_Update_Handlers) but it could be bypassed by a savvy user. I don't see why a validate_doc_update function couldn't enforce this it if had access to the req object. I'm +1.
B. On 28 May 2012 16:06, Luca Matteis <[email protected]> wrote: > Sure. For example I'm allowing my users to vote on certain "items" in > my database. This will allow me to understand the amount of > satisfaction of these items. I can easily validate and make sure each > user is commenting only once, however, someone might simply create a > new account and re-vote for that item. This defeats the purpose of the > voting system. > My solution would be to check based on the IP of the voter, no matter > what user they're logged in with. > > Does this make sense? Thanks. > > On Mon, May 28, 2012 at 3:50 PM, Robert Newson <[email protected]> wrote: >> I fear I've derailed this thread, so let's shelve the [email protected] >> idea for another time and thread. >> >> To address the original question; >> >> "I have a scenario where I'm building a CouchApp that needs to deny >> certain behavior from happening based on the user's IP address. >> Would it be good to consider this as a new feature to be implemented?" >> >> Being able to build richer applications within the 2-tier couchapp >> model is a project goal so I'm generally for the proposal to expose >> the req object in VDU (since you can access it in show and list and it >> seems to break nothing). I suspect the full feature set required for >> your application to not require a proxy or firewall has not been >> spelled out in detail and, I further suspect, some of it will be >> better done with a firewall. >> >> Could you expand on the 'certain behavior' that should be restricted >> based on IP? A few examples would help. >> >> B. >> >> On 28 May 2012 14:38, Simon Metson <[email protected]> wrote: >>> Hi, >>> >>> >>> On Monday, 28 May 2012 at 14:12, Robert Newson wrote: >>> >>>> The other proposal might be to allow the granting of >>>> rights by IP address, much as MySQL does. In fact, I believe this idea >>>> is part of the Summit proposal to enhance our security model. I should >>>> be able to grant _admin rights to a user if and only if they come from >>>> 127.0.0.1, for example. >>> >>> We wrote something like this for our deployment at CERN. I thought it had >>> been contributed back to the trunk, but maybe it got lost along the way. >>> I'll see if I can find out the status of it. >>> Cheers >>> Simon
