You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Martin Minka <ma...@gmail.com> on 2014/06/20 08:32:30 UTC
CouchDB returning data filtered by userCtx.name
I am using CouchDB v1.4.0.
Is followin doable in CouchDB ?
Client application will access CouchDB directly, client will authenticate
against CouchDB and request data from _view/myaccount, the data should be
filtered for userCtx.name.
If user name has to be parameter for _view/myaccount is it possible to
validate it against userCtx.name ?
Or do I have to use some other server level software to proxy requests
against CouchDB ?
Thank you,
Martin
Re: CouchDB returning data filtered by userCtx.name
Posted by Mike Marino <mm...@gmail.com>.
Hi Martin,
list functions give you access to the userCtx object and can allow you to
prepare the results of a view based upon a particular user. See, e.g.
http://guide.couchdb.org/draft/transforming.html
However, you will still need to limit access to other pieces of the
database (using e.g. some sort of proxy request handler) since the user
will otherwise be able to read the rest of the database.
Perhaps another alternative would be to follow the one-user-per-database
model? I don't have experience with this, but it has been discussed on the
list.
Cheers,
Mike
On Fri, Jun 20, 2014 at 11:04 AM, Gowtham Tamizharasan <
gowtham.tamizharasan@inmobi.com> wrote:
> Hi Martin,
>
> You could query a view function based on "key". so you can query like
> _view/myaccount?key="<user
> name>"
>
> In your View emit key as the user name.
>
>
>
> On Fri, Jun 20, 2014 at 12:02 PM, Martin Minka <ma...@gmail.com>
> wrote:
>
> > I am using CouchDB v1.4.0.
> >
> > Is followin doable in CouchDB ?
> > Client application will access CouchDB directly, client will authenticate
> > against CouchDB and request data from _view/myaccount, the data should be
> > filtered for userCtx.name.
> >
> > If user name has to be parameter for _view/myaccount is it possible to
> > validate it against userCtx.name ?
> >
> > Or do I have to use some other server level software to proxy requests
> > against CouchDB ?
> >
> > Thank you,
> > Martin
> >
>
> --
> _____________________________________________________________
> The information contained in this communication is intended solely for the
> use of the individual or entity to whom it is addressed and others
> authorized to receive it. It may contain confidential or legally privileged
> information. If you are not the intended recipient you are hereby notified
> that any disclosure, copying, distribution or taking any action in reliance
> on the contents of this information is strictly prohibited and may be
> unlawful. If you have received this communication in error, please notify
> us immediately by responding to this email and then delete it from your
> system. The firm is neither liable for the proper and complete transmission
> of the information contained in this communication nor for any delay in its
> receipt.
>
Re: CouchDB returning data filtered by userCtx.name
Posted by Martin Minka <ma...@gmail.com>.
yes, but this will not enforce security, because anybody could pass any
username without to authenticate first.
this would be an acceptable way if it is possible to write some validation
function which will compare the parameter with ctxUser.name before running
the view query.
is it possible to write such validation function ?
2014-06-20 11:04 GMT+02:00 Gowtham Tamizharasan <
gowtham.tamizharasan@inmobi.com>:
> Hi Martin,
>
> You could query a view function based on "key". so you can query like
> _view/myaccount?key="<user
> name>"
>
> In your View emit key as the user name.
>
>
>
> On Fri, Jun 20, 2014 at 12:02 PM, Martin Minka <ma...@gmail.com>
> wrote:
>
> > I am using CouchDB v1.4.0.
> >
> > Is followin doable in CouchDB ?
> > Client application will access CouchDB directly, client will authenticate
> > against CouchDB and request data from _view/myaccount, the data should be
> > filtered for userCtx.name.
> >
> > If user name has to be parameter for _view/myaccount is it possible to
> > validate it against userCtx.name ?
> >
> > Or do I have to use some other server level software to proxy requests
> > against CouchDB ?
> >
> > Thank you,
> > Martin
> >
>
> --
> _____________________________________________________________
> The information contained in this communication is intended solely for the
> use of the individual or entity to whom it is addressed and others
> authorized to receive it. It may contain confidential or legally privileged
> information. If you are not the intended recipient you are hereby notified
> that any disclosure, copying, distribution or taking any action in reliance
> on the contents of this information is strictly prohibited and may be
> unlawful. If you have received this communication in error, please notify
> us immediately by responding to this email and then delete it from your
> system. The firm is neither liable for the proper and complete transmission
> of the information contained in this communication nor for any delay in its
> receipt.
>
Re: CouchDB returning data filtered by userCtx.name
Posted by Gowtham Tamizharasan <go...@inmobi.com>.
Hi Martin,
You could query a view function based on "key". so you can query like
_view/myaccount?key="<user
name>"
In your View emit key as the user name.
On Fri, Jun 20, 2014 at 12:02 PM, Martin Minka <ma...@gmail.com>
wrote:
> I am using CouchDB v1.4.0.
>
> Is followin doable in CouchDB ?
> Client application will access CouchDB directly, client will authenticate
> against CouchDB and request data from _view/myaccount, the data should be
> filtered for userCtx.name.
>
> If user name has to be parameter for _view/myaccount is it possible to
> validate it against userCtx.name ?
>
> Or do I have to use some other server level software to proxy requests
> against CouchDB ?
>
> Thank you,
> Martin
>
--
_____________________________________________________________
The information contained in this communication is intended solely for the
use of the individual or entity to whom it is addressed and others
authorized to receive it. It may contain confidential or legally privileged
information. If you are not the intended recipient you are hereby notified
that any disclosure, copying, distribution or taking any action in reliance
on the contents of this information is strictly prohibited and may be
unlawful. If you have received this communication in error, please notify
us immediately by responding to this email and then delete it from your
system. The firm is neither liable for the proper and complete transmission
of the information contained in this communication nor for any delay in its
receipt.