Posted to dev@couchdb.apache.org by "Randall Leeds (JIRA)" <ji...@apache.org> on 2011/05/16 22:56:48 UTC

[jira] [Commented] (COUCHDB-1155) Etag send by list function does not depend on userCtx

    [ https://issues.apache.org/jira/browse/COUCHDB-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13034304#comment-13034304 ] 

Randall Leeds commented on COUCHDB-1155:
----------------------------------------

Looking at the wiki: http://wiki.apache.org/couchdb/Formatting_with_Show_and_List#ETags
It seems as though it's the roles that affect the etag. The documentation only mentions _show, but perhaps _list behaves the same way. Can you verify this?
If the whole user context is available to the list function then I think it's a fair argument that more than just roles should affect the etag.

Although, I wonder if it's actually more correct to let the function generate the etag itself (or leave it off if it wants).
After all, there's no requirement that a _list or _show be deterministic, so how should CouchDB know what etag to send?

I'd love some input from the community and devs on this one, but let's try not to bikeshed toooo much. :-P

> Etag send by list function does not depend on userCtx
> -----------------------------------------------------
>
>                 Key: COUCHDB-1155
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1155
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 1.0.2
>            Reporter: Johannes J. Schmidt
>
> List functions should send a different Etag when requested by different users.
> The following curl session shows identical Etags for different users. CouchDB must not be in admin party mode.
> PROTOCOL=http
> DOMAIN="127.0.0.1:5984"
> DB=testdb
> # admin credentials for db creation
> ADMIN=admin:secure
> # this user must have an empty roles array
> USER=user:secure
> curl -XDELETE $PROTOCOL://$ADMIN@$DOMAIN/$DB
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/foo -d '{"count":1}'
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/_design/foo -d '{ "views": { "bar": { "map": "function(doc) { emit(doc._id, null); }" } }, "lists": { "bar": "function(head, req) { return req.userCtx.name || \"anonymous\" }" }}'
> curl -s $PROTOCOL://$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
> curl -s $PROTOCOL://$USER@$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
> #=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
> #=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
> This issue is important for standalone CouchDB applications which use list functions depending on the user context, e.g. showing a login button or username.
> regards
> Johannes
> PS: I tried to write a JavaScript test case but this issue can only be reproduced if the server is not in admin party mode, which the test suite requires. I am not so familiar with those tests to temporarily change the admin party.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
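
The revalidation problem discussed in this thread, as an added example that is not part of the original message and is not CouchDB's code: a minimal conditional-GET handler run with three ETag inputs (no user data, roles only, name plus roles) against the reporter's case of a named user with an empty roles array. The handler, the `viewSig` stand-in for server-side state, and all function names are assumptions made for illustration.

```javascript
// Added illustration, not CouchDB code. Every name here is hypothetical.
const crypto = require("crypto");

// Hash the given parts into a quoted ETag value.
function makeEtag(parts) {
  const hex = crypto.createHash("sha256").update(JSON.stringify(parts)).digest("hex");
  return '"' + hex.slice(0, 32) + '"';
}

// Three candidate ETag inputs. viewSig stands in for whatever server-side
// state (view contents, design doc) already feeds the tag.
const etagIgnoringUser = (viewSig, ctx) => makeEtag([viewSig]);
const etagRolesOnly = (viewSig, ctx) => makeEtag([viewSig, [...ctx.roles].sort()]);
const etagFullUserCtx = (viewSig, ctx) =>
  makeEtag([viewSig, ctx.name, [...ctx.roles].sort()]);

// The list function from the report.
function listBar(head, req) {
  return req.userCtx.name || "anonymous";
}

// Minimal conditional GET: answer 304 when If-None-Match equals the tag.
function handle(etagFn, viewSig, req) {
  const etag = etagFn(viewSig, req.userCtx);
  if (req.ifNoneMatch === etag) return { status: 304, etag, body: null };
  return { status: 200, etag, body: listBar(null, req) };
}

// Anonymous client fetches the list, logs in, then revalidates its cached copy.
function revalidateAfterLogin(etagFn) {
  const viewSig = "constructed-view-signature"; // constructed sample value
  const anonymous = { name: null, roles: [] };
  const user = { name: "user", roles: [] }; // empty roles, as in the report
  const first = handle(etagFn, viewSig, { userCtx: anonymous });
  return handle(etagFn, viewSig, { userCtx: user, ifNoneMatch: first.etag });
}

for (const [label, fn] of [["ignoring user", etagIgnoringUser],
    ["roles only", etagRolesOnly], ["name + roles", etagFullUserCtx]]) {
  const res = revalidateAfterLogin(fn);
  console.log(label + ":", res.status, res.body === null ? "(cached body reused)" : res.body);
}
```

A 304 in the first two cases means the client keeps displaying the cached "anonymous" body after login; only the tag that includes the user name forces a fresh 200 response.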