ok how would i do that in pouchdb .query() and .find() ? can't find it anywhere in the docs :(
On Wed, Jul 25, 2018 at 6:58 PM Joan Touzet <woh...@apache.org> wrote: > Yes, as can Mango queries, which are faster and easier to use. > > ----- Original Message ----- > From: "Rene Veerman" <seductivea...@gmail.com> > To: user@couchdb.apache.org > Sent: Wednesday, July 25, 2018 6:43:19 AM > Subject: Re: permissions specific to each document? > > can views accept parameters? like a username to check permissions for? > > On Wed, Jul 25, 2018 at 11:48 AM Rene Veerman <seductivea...@gmail.com> > wrote: > > > and how about using custom users and groups (roles) tables, combined with > > view functions that query permissions settings in docs? > > that way my CMS' users and groups stay seperate from couchdb's, which can > > be seen as a plus, i think. > > but i am worried about accesses to my couchdb using credentials found in > > my javascript and accesses of the data without using the assigned view > > functions. > > > > i'm not sure db-per-user has been properly debugged already; it was > broken > > in 2.10 and the current version is 2.1.2 > > > > On Tue, Jul 24, 2018 at 9:45 PM Jan Lehnardt <j...@apache.org> wrote: > > > >> On top of what Joan mentioned, we’re planning per-doc permissions > >> for 3.0, but it’s ways out, so don’t wait for it. But if db-per-user > >> is good enough for now, you’ll be able to upgrade to the new model > >> later. > >> > >> Best > >> Jan > >> — > >> > >> > On 24. Jul 2018, at 20:34, Joan Touzet <woh...@apache.org> wrote: > >> > > >> > Right now, there is no document-level security in CouchDB unless you > >> enforce > >> > it yourself using a proxy server of some sort. You can then enable the > >> proxy > >> > authentication solution in CouchDB and handle all of the permissions > >> yourself. > >> > > >> > Note that this breaks down if you want to allow end users to replicate > >> to and > >> > from the databases, or use the bulk endpoints. VDU functions generally > >> aren't > >> > sufficient to enforce detailed levels of modifications to documents. > >> > > >> > You'll want to look into the database-per-user approaches for CouchDB, > >> > including the built-in "couch_peruser" functionality we provide. This > >> lets you > >> > have a single database per user, and use the power of replication to > >> replicate > >> > that user's data to (or from) a central database for later analytics > >> work if > >> > you need. > >> > > >> > -Joan > >> > > >> > ----- Original Message ----- > >> > From: "Rene Veerman" <seductivea...@gmail.com> > >> > To: user@couchdb.apache.org > >> > Sent: Tuesday, July 24, 2018 1:56:28 PM > >> > Subject: permissions specific to each document? > >> > > >> > is this possible in couchdb? > >> > > >> > suppose i have a database 'tree node data', > >> > and several roles defined in the couchdb. > >> > > >> > i'd like to be returned only those tree node documents that the > current > >> > user may access. > >> > > >> > in general, i'd like to outsource my entire CMS' users and roles and > >> > permissions system to couchdb. is this possible, and if so, what's the > >> best > >> > way to go about it? > >> > >> -- > >> Professional Support for Apache CouchDB: > >> https://neighbourhood.ie/couchdb-support/ > >> > >> >
