> On 30 Dec 2014, at 09:01 , Alexander Shorin <[email protected]> wrote: > > The easiest way is indeed to put CouchDB behind a proxy, but for > _all_docs you can just remove this http endpoint from config by adding > the following in your local.ini > > [httpd_db_handlers] > _all_docs = > > Suddenly, for _purge you cannot do the same trick. However, you might > want to open issue on JIRA about since this looks like is an unwelcome > behaviour.
+1 to file an issue for this. > -- > ,,,^..^,,, > > > On Tue, Dec 30, 2014 at 6:38 AM, jumbo jim <[email protected]> wrote: >> Hi, >> >> I don't want a particular user to be able to delete any documents - only >> create/update. I have a design doc to prevent normal deletion - >> >> function(newDoc, oldDoc, userCtx, secObj) { >> if ( (newDoc._deleted === true) && (userCtx.roles.indexOf('_admin') === >> -1) ) { >> throw({forbidden: 'no way!'}); >> } >> else{ >> return; >> } >> } >> >> However, the user can still purge! Is there a way to stop this? >> >> Also, is there a way to hide all docs? ie, block this - >> http://localhost:5984/DB/_all_docs >> >> I know I could put a proxy in between and block/rewrite _purge or >> _all_docs, but is there an easier way? >> >> Thanks
signature.asc
Description: Message signed with OpenPGP using GPGMail
