You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by "Dale Harvey (JIRA)" <ji...@apache.org> on 2010/10/08 00:10:32 UTC
[jira] Created: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Anonymous Access to Design Docs on private DB's
-----------------------------------------------
Key: COUCHDB-912
URL: https://issues.apache.org/jira/browse/COUCHDB-912
Project: CouchDB
Issue Type: New Feature
Components: HTTP Interface
Reporter: Dale Harvey
Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Filipe Manana (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12930114#action_12930114 ]
Filipe Manana commented on COUCHDB-912:
---------------------------------------
Dale, looks a lot better now.
Only 3 things left:
1) For JavaScript code, the CouchDB convention is to use 2 spaces for each indentation level. Also, the test should probably go into the design_docs.js file. I don't think such a small test should go into a separate file (others may disagree);
2) Besides validating the patch, don't you want to make sure the access is only allowed for GET requests? Because like it is now, it seems to me that anonymous users are allowed to add (PUT) attachments to the design doc;
3) The is_design_attachment function could still be left out, and instead have do_db_req/2 like:
case {Anon, RestParts, Req#httpd.method} of
{"true", [ <<"_design">>, _DdocName, <<C:8, _/binary>> | _ ], 'GET'} when C =/= $_ ->
fun couch_db:open_int/2;
_ ->
fun couch_db:open/2
end
This makes it simple and shorter imho.
Good work!
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch, attachment_permissions.js
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Dale Harvey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dale Harvey updated COUCHDB-912:
--------------------------------
Attachment: (was: anon.patch)
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch, anon.patch, attachment_permissions.js
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Dale Harvey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12928630#action_12928630 ]
Dale Harvey commented on COUCHDB-912:
-------------------------------------
This patch adds a configuration option that allows users to make attachments to design documents available to anonymous users on private database.
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Adam Kocoloski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12928845#action_12928845 ]
Adam Kocoloski commented on COUCHDB-912:
----------------------------------------
The difference between the two should be completely negligible, I think. A couch_config lookup takes only a microsecond or two. I tend to prefer not caching the config values when writing long-lived servers.
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Dale Harvey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dale Harvey updated COUCHDB-912:
--------------------------------
Attachment: anon.patch
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Dale Harvey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12928903#action_12928903 ]
Dale Harvey commented on COUCHDB-912:
-------------------------------------
Added a new patch that caches it. Personally I think httpd.erl and forward is a tad messy and would be best leave it uncached for now and if needed do a seperate refactor to make that caching more convenient / tidier. (Used an opaque dict so the next thing that needs cached doesnt add another parameter)
Will write the tests for it now
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch, anon.patch
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Dale Harvey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dale Harvey updated COUCHDB-912:
--------------------------------
Attachment: anon.patch
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch, anon.patch
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Dale Harvey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dale Harvey updated COUCHDB-912:
--------------------------------
Attachment: (was: anon.patch)
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch, attachment_permissions.js
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Chris Anderson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12928833#action_12928833 ]
Chris Anderson commented on COUCHDB-912:
----------------------------------------
reviewing the patch. looks good except that config should not be read in an http responder. instead it should be read in the gen-server init and added to the httpd record or something so it's available in the responder.
This is a little bit more performant, here's an example of where config is loaded.
https://github.com/apache/couchdb/blob/trunk/src/couchdb/couch_httpd.erl#L76
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Dale Harvey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12928971#action_12928971 ]
Dale Harvey commented on COUCHDB-912:
-------------------------------------
Thats awesome feedback, cheers, yeh was in the middle of writing the tests, just put the patch up before so I could get comments like this :)
Will repatch and send in the tests later today, thanks.
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch, anon.patch
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Filipe Manana (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12928962#action_12928962 ]
Filipe Manana commented on COUCHDB-912:
---------------------------------------
Hi,
I have a few remarks:
1) A test is needed. Probably the right place for it will be in share/www/script/test/design_docs.js;
2) No need to change couch_db:open/2. Just use couch_db:open_int/2;
3) I agree with Adam. No need to "cache" the value. A couch_config:get/3 doesn't go through a gen_server, it does direct lookups to a protected (readable by any process) ets table, therefore it's very fast. I also don't think that couch_httpd.erl should be touched at all;
4) That to_bool/1 function is very unerlangish. Just do something like: Whatever =:= "true";
5) Also that is_design_attachment function seems redundant. I would suggest restricting all the change in couch_http_db.erl to the do_db_req/2 function. Something like the following:
diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl
index 87fc15d..9e68c08 100644
--- a/src/couchdb/couch_httpd_db.erl
+++ b/src/couchdb/couch_httpd_db.erl
@@ -188,7 +188,7 @@ delete_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) ->
throw(Error)
end.
-do_db_req(#httpd{user_ctx=UserCtx,path_parts=[DbName|_]}=Req, Fun) ->
+do_db_req(#httpd{user_ctx=UserCtx,path_parts=[DbName|RestParts]}=Req, Fun) ->
LDbName = ?b2l(DbName),
% I hope this lookup is cheap.
case couch_config:get("couch_httpd_auth", "authentication_db") of
@@ -198,7 +198,13 @@ do_db_req(#httpd{user_ctx=UserCtx,path_parts=[DbName|_]}=Req, Fun) ->
couch_db:close(ADb);
_Else -> ok
end,
- case couch_db:open(DbName, [{user_ctx, UserCtx}]) of
+ OpenDbFun = case RestParts of
+ [<<"_design">> | _] ->
+ fun couch_db:open_int/2;
+ _ ->
+ fun couch_db:open/2
+ end,
+ case OpenDbFun(DbName, [{user_ctx, UserCtx}]) of
{ok, Db} ->
try
Fun(Req, Db)
All the rest seems ok to me. Good work.
cheers
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch, anon.patch
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Dale Harvey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dale Harvey updated COUCHDB-912:
--------------------------------
Attachment: attachment_permissions.js
anon.patch
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch, anon.patch, attachment_permissions.js
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (COUCHDB-912) Anonymous Access to Design Docs on
private DB's
Posted by "Dale Harvey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12929918#action_12929918 ]
Dale Harvey commented on COUCHDB-912:
-------------------------------------
I have redone the patch thanks to Filipes feedback, its much cleaner now, thanks.
I have is_ddoc_attachment() which reproduces some routing logic that is spread throughout the entire couch_httpd_db.erl, I would prefer that the logic only done once, and it would be possible to workaround by reopening the database in various places. However that patch is far more intrusive.
The right 'fix' is to decouple the routing from the actual logic, and paul mentioned experimenting with a webmachine / other routing layer so I think its ok to make changes like these and defer workarounds until a nicer routing layer is in place.
(but if you want the open db patch, then just say)
> Anonymous Access to Design Docs on private DB's
> -----------------------------------------------
>
> Key: COUCHDB-912
> URL: https://issues.apache.org/jira/browse/COUCHDB-912
> Project: CouchDB
> Issue Type: New Feature
> Components: HTTP Interface
> Reporter: Dale Harvey
> Attachments: anon.patch, attachment_permissions.js
>
>
> Right now people need to go through futon in order to login to couchapps running on private databases, this is a pretty big limitation on the type of couchapps that can be built
> Propose adding the ability for users to flag the design docs as readable for anonymous users, could be implemented though an attribute on the design doc?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.