You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Jonathan Geddes <ge...@gmail.com> on 2011/02/13 22:52:11 UTC
Write-only for users?
couchdb users,
I'm thinking of using a couchapp for an upcoming project, but there is
one capability that I'm unsure of.
I need a database that anyone can post to, but only admin can read
from. The requirement is to allow users to post personal information
that other users cannot see. If I understand the couchdb permissions
model correctly, for a given db, anyone who can create documents can
also read documents.
Is there a way to do this with a couchapp? It seems a shame to have to
add "middleware" just to get this one capability.
thanks,
--Jonathan
Re: Write-only for users?
Posted by Amedeo Paglione <am...@gmail.com>.
+1
This is the way used by Ubuntu One if I am not wrong.
--
Amedeo
On Mon, Feb 14, 2011 at 00:06, Janez Štupar <ja...@gmail.com> wrote:
> +1
>
> this is the Couch way
>
> On Sun, Feb 13, 2011 at 11:44 PM, Jonathan Stott
> <jo...@gmail.com>wrote:
>
> > Hi Jonathan
> >
> > One way to accomplish this is to give each user their own database.
> > They (and only they + admin) can both read and write from this
> > database. For operations that need to be performed on the whole
> > database, the admin can replicate each of the individual databases to
> > a 'master' database only they can read.
> >
> > Regards
> > Jon
> >
> > On 13 February 2011 21:52, Jonathan Geddes <ge...@gmail.com>
> > wrote:
> > > couchdb users,
> > >
> > > I'm thinking of using a couchapp for an upcoming project, but there is
> > > one capability that I'm unsure of.
> > >
> > > I need a database that anyone can post to, but only admin can read
> > > from. The requirement is to allow users to post personal information
> > > that other users cannot see. If I understand the couchdb permissions
> > > model correctly, for a given db, anyone who can create documents can
> > > also read documents.
> > >
> > > Is there a way to do this with a couchapp? It seems a shame to have to
> > > add "middleware" just to get this one capability.
> > >
> > > thanks,
> > >
> > > --Jonathan
> > >
> >
>
Re: Write-only for users?
Posted by Janez Štupar <ja...@gmail.com>.
+1
this is the Couch way
On Sun, Feb 13, 2011 at 11:44 PM, Jonathan Stott
<jo...@gmail.com>wrote:
> Hi Jonathan
>
> One way to accomplish this is to give each user their own database.
> They (and only they + admin) can both read and write from this
> database. For operations that need to be performed on the whole
> database, the admin can replicate each of the individual databases to
> a 'master' database only they can read.
>
> Regards
> Jon
>
> On 13 February 2011 21:52, Jonathan Geddes <ge...@gmail.com>
> wrote:
> > couchdb users,
> >
> > I'm thinking of using a couchapp for an upcoming project, but there is
> > one capability that I'm unsure of.
> >
> > I need a database that anyone can post to, but only admin can read
> > from. The requirement is to allow users to post personal information
> > that other users cannot see. If I understand the couchdb permissions
> > model correctly, for a given db, anyone who can create documents can
> > also read documents.
> >
> > Is there a way to do this with a couchapp? It seems a shame to have to
> > add "middleware" just to get this one capability.
> >
> > thanks,
> >
> > --Jonathan
> >
>
Re: Write-only for users?
Posted by Jonathan Stott <jo...@gmail.com>.
Hi Jonathan
One way to accomplish this is to give each user their own database.
They (and only they + admin) can both read and write from this
database. For operations that need to be performed on the whole
database, the admin can replicate each of the individual databases to
a 'master' database only they can read.
Regards
Jon
On 13 February 2011 21:52, Jonathan Geddes <ge...@gmail.com> wrote:
> couchdb users,
>
> I'm thinking of using a couchapp for an upcoming project, but there is
> one capability that I'm unsure of.
>
> I need a database that anyone can post to, but only admin can read
> from. The requirement is to allow users to post personal information
> that other users cannot see. If I understand the couchdb permissions
> model correctly, for a given db, anyone who can create documents can
> also read documents.
>
> Is there a way to do this with a couchapp? It seems a shame to have to
> add "middleware" just to get this one capability.
>
> thanks,
>
> --Jonathan
>
Re: Write-only for users?
Posted by Chris Anderson <jc...@apache.org>.
On Mon, Feb 14, 2011 at 8:25 AM, Jonathan Geddes
<ge...@gmail.com> wrote:
> These all sound like good ideas that will work, but they seem like a
> lot of work for a fairly simple task.
>
> Anyone know the rational behind couch not supporting write-only for
> users? Open databases are cool, but sometimes you need closed ones to
> protect privacy.
I would like a write-only "dropbox" style database. I've wanted this
for a while, but sadly sits at the bottom of my todo list.
Chris
>
> Thanks all for the responses.
>
> --Jonathan
>
> On Mon, Feb 14, 2011 at 12:04 AM, Aravinda VK
> <ha...@gmail.com> wrote:
>> Sorry I missed a note, the example blog(http://hosabelaku.aravindavk.in) has
>> some issue with Internet explorer. (Didn't get the Windows machine to test
>> it and fix :) )
>>
>> On Mon, Feb 14, 2011 at 12:30 PM, Aravinda VK <ha...@gmail.com>wrote:
>>
>>> I had the similar situation while creating my photoblog. When user add
>>> comments to a blog then other users can see the sensitive informations like
>>> email.
>>>
>>> So my approach,
>>> Created the comments app as an independent system(Like Disqus)
>>> Added PHP layer to it and given read and write permission to Admin for
>>> comments database.
>>> The PHP layer acts as API server.
>>>
>>> When user adds comment, It will be submitted to PHP layer using JSONP(since
>>> cross domain).
>>> To load the comments, I just pass URL of blog/page to get comments related
>>> to that URL. (Email will be excluded by PHP layer while serving)
>>>
>>> My photoblog is created as couchapp, and gets comments from PHP layer using
>>> JSONP.
>>>
>>> Except for comment system, everything else is complete couchapp.
>>>
>>> Advantage here is, We can use the same comments system for multiple
>>> websites.
>>>
>>> You can visit the blog which I am talking about
>>> http://hosabelaku.aravindavk.in (This photoblog is in Kannada, Language of
>>> Karnataka, India http://en.wikipedia.org/wiki/Kannada)
>>>
>>> Source code is not shared yet. Need to cleanup the code bit. Will share
>>> once it is ready :)
>>>
>>> --
>>> Regards
>>> Aravinda | ಅರವಿಂದ
>>> http://aravindavk.in
>>>
>>> On Mon, Feb 14, 2011 at 3:22 AM, Jonathan Geddes <
>>> geddes.jonathan@gmail.com> wrote:
>>>
>>>> couchdb users,
>>>>
>>>> I'm thinking of using a couchapp for an upcoming project, but there is
>>>> one capability that I'm unsure of.
>>>>
>>>> I need a database that anyone can post to, but only admin can read
>>>> from. The requirement is to allow users to post personal information
>>>> that other users cannot see. If I understand the couchdb permissions
>>>> model correctly, for a given db, anyone who can create documents can
>>>> also read documents.
>>>>
>>>> Is there a way to do this with a couchapp? It seems a shame to have to
>>>> add "middleware" just to get this one capability.
>>>>
>>>> thanks,
>>>>
>>>> --Jonathan
>>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Regards
>> Aravinda | ಅರವಿಂದ
>> http://aravindavk.in
>>
>
--
Chris Anderson
http://jchrisa.net
http://couch.io
Re: Write-only for users?
Posted by Jonathan Geddes <ge...@gmail.com>.
These all sound like good ideas that will work, but they seem like a
lot of work for a fairly simple task.
Anyone know the rational behind couch not supporting write-only for
users? Open databases are cool, but sometimes you need closed ones to
protect privacy.
Thanks all for the responses.
--Jonathan
On Mon, Feb 14, 2011 at 12:04 AM, Aravinda VK
<ha...@gmail.com> wrote:
> Sorry I missed a note, the example blog(http://hosabelaku.aravindavk.in) has
> some issue with Internet explorer. (Didn't get the Windows machine to test
> it and fix :) )
>
> On Mon, Feb 14, 2011 at 12:30 PM, Aravinda VK <ha...@gmail.com>wrote:
>
>> I had the similar situation while creating my photoblog. When user add
>> comments to a blog then other users can see the sensitive informations like
>> email.
>>
>> So my approach,
>> Created the comments app as an independent system(Like Disqus)
>> Added PHP layer to it and given read and write permission to Admin for
>> comments database.
>> The PHP layer acts as API server.
>>
>> When user adds comment, It will be submitted to PHP layer using JSONP(since
>> cross domain).
>> To load the comments, I just pass URL of blog/page to get comments related
>> to that URL. (Email will be excluded by PHP layer while serving)
>>
>> My photoblog is created as couchapp, and gets comments from PHP layer using
>> JSONP.
>>
>> Except for comment system, everything else is complete couchapp.
>>
>> Advantage here is, We can use the same comments system for multiple
>> websites.
>>
>> You can visit the blog which I am talking about
>> http://hosabelaku.aravindavk.in (This photoblog is in Kannada, Language of
>> Karnataka, India http://en.wikipedia.org/wiki/Kannada)
>>
>> Source code is not shared yet. Need to cleanup the code bit. Will share
>> once it is ready :)
>>
>> --
>> Regards
>> Aravinda | ಅರವಿಂದ
>> http://aravindavk.in
>>
>> On Mon, Feb 14, 2011 at 3:22 AM, Jonathan Geddes <
>> geddes.jonathan@gmail.com> wrote:
>>
>>> couchdb users,
>>>
>>> I'm thinking of using a couchapp for an upcoming project, but there is
>>> one capability that I'm unsure of.
>>>
>>> I need a database that anyone can post to, but only admin can read
>>> from. The requirement is to allow users to post personal information
>>> that other users cannot see. If I understand the couchdb permissions
>>> model correctly, for a given db, anyone who can create documents can
>>> also read documents.
>>>
>>> Is there a way to do this with a couchapp? It seems a shame to have to
>>> add "middleware" just to get this one capability.
>>>
>>> thanks,
>>>
>>> --Jonathan
>>>
>>
>>
>>
>>
>>
>
>
> --
> Regards
> Aravinda | ಅರವಿಂದ
> http://aravindavk.in
>
Re: Write-only for users?
Posted by Aravinda VK <ha...@gmail.com>.
Sorry I missed a note, the example blog(http://hosabelaku.aravindavk.in) has
some issue with Internet explorer. (Didn't get the Windows machine to test
it and fix :) )
On Mon, Feb 14, 2011 at 12:30 PM, Aravinda VK <ha...@gmail.com>wrote:
> I had the similar situation while creating my photoblog. When user add
> comments to a blog then other users can see the sensitive informations like
> email.
>
> So my approach,
> Created the comments app as an independent system(Like Disqus)
> Added PHP layer to it and given read and write permission to Admin for
> comments database.
> The PHP layer acts as API server.
>
> When user adds comment, It will be submitted to PHP layer using JSONP(since
> cross domain).
> To load the comments, I just pass URL of blog/page to get comments related
> to that URL. (Email will be excluded by PHP layer while serving)
>
> My photoblog is created as couchapp, and gets comments from PHP layer using
> JSONP.
>
> Except for comment system, everything else is complete couchapp.
>
> Advantage here is, We can use the same comments system for multiple
> websites.
>
> You can visit the blog which I am talking about
> http://hosabelaku.aravindavk.in (This photoblog is in Kannada, Language of
> Karnataka, India http://en.wikipedia.org/wiki/Kannada)
>
> Source code is not shared yet. Need to cleanup the code bit. Will share
> once it is ready :)
>
> --
> Regards
> Aravinda | ಅರವಿಂದ
> http://aravindavk.in
>
> On Mon, Feb 14, 2011 at 3:22 AM, Jonathan Geddes <
> geddes.jonathan@gmail.com> wrote:
>
>> couchdb users,
>>
>> I'm thinking of using a couchapp for an upcoming project, but there is
>> one capability that I'm unsure of.
>>
>> I need a database that anyone can post to, but only admin can read
>> from. The requirement is to allow users to post personal information
>> that other users cannot see. If I understand the couchdb permissions
>> model correctly, for a given db, anyone who can create documents can
>> also read documents.
>>
>> Is there a way to do this with a couchapp? It seems a shame to have to
>> add "middleware" just to get this one capability.
>>
>> thanks,
>>
>> --Jonathan
>>
>
>
>
>
>
--
Regards
Aravinda | ಅರವಿಂದ
http://aravindavk.in
Re: Write-only for users?
Posted by Aravinda VK <ha...@gmail.com>.
I had the similar situation while creating my photoblog. When user add
comments to a blog then other users can see the sensitive informations like
email.
So my approach,
Created the comments app as an independent system(Like Disqus)
Added PHP layer to it and given read and write permission to Admin for
comments database.
The PHP layer acts as API server.
When user adds comment, It will be submitted to PHP layer using JSONP(since
cross domain).
To load the comments, I just pass URL of blog/page to get comments related
to that URL. (Email will be excluded by PHP layer while serving)
My photoblog is created as couchapp, and gets comments from PHP layer using
JSONP.
Except for comment system, everything else is complete couchapp.
Advantage here is, We can use the same comments system for multiple
websites.
You can visit the blog which I am talking about
http://hosabelaku.aravindavk.in (This photoblog is in Kannada, Language of
Karnataka, India http://en.wikipedia.org/wiki/Kannada)
Source code is not shared yet. Need to cleanup the code bit. Will share once
it is ready :)
--
Regards
Aravinda | ಅರವಿಂದ
http://aravindavk.in
On Mon, Feb 14, 2011 at 3:22 AM, Jonathan Geddes
<ge...@gmail.com>wrote:
> couchdb users,
>
> I'm thinking of using a couchapp for an upcoming project, but there is
> one capability that I'm unsure of.
>
> I need a database that anyone can post to, but only admin can read
> from. The requirement is to allow users to post personal information
> that other users cannot see. If I understand the couchdb permissions
> model correctly, for a given db, anyone who can create documents can
> also read documents.
>
> Is there a way to do this with a couchapp? It seems a shame to have to
> add "middleware" just to get this one capability.
>
> thanks,
>
> --Jonathan
>
Re: Write-only for users?
Posted by Jonathan Geddes <ge...@gmail.com>.
I think a simple node app will be the solution, but for the sake of
curiosity, how would I allow admin to see the documents but not other
users? Does the request (second) parameter of the show function have a
userContext field where I could check roles?
On Sun, Feb 13, 2011 at 3:23 PM, Janez Štupar <ja...@gmail.com> wrote:
> You are indeed correct.
>
> If the use case is non-distributed then that is probably the faster and more
> roboust solution.
>
> On Sun, Feb 13, 2011 at 11:17 PM, Zachary Zolton
> <za...@gmail.com>wrote:
>
>> True, but I think you still need some kind of proxy to ensure that
>> users can only hit the rewritten URLs.
>>
>> I also find CouchDB URL rewriting and vhosts trickier to set up than
>> just writing a little Sintra or Node.js app.
>>
>> --Zach
>>
>> On Sunday, February 13, 2011, Janez Štupar <ja...@gmail.com> wrote:
>> > You could do something like that utilizing the rewrite handler to
>> prohibit
>> > access to documents and views (redirect all request to a show that tells
>> > users to sod off), while only allowing a PUT to the database and GET to
>> the
>> > said show.
>> >
>> > On Sun, Feb 13, 2011 at 10:52 PM, Jonathan Geddes <
>> geddes.jonathan@gmail.com
>> >> wrote:
>> >
>> >> couchdb users,
>> >>
>> >> I'm thinking of using a couchapp for an upcoming project, but there is
>> >> one capability that I'm unsure of.
>> >>
>> >> I need a database that anyone can post to, but only admin can read
>> >> from. The requirement is to allow users to post personal information
>> >> that other users cannot see. If I understand the couchdb permissions
>> >> model correctly, for a given db, anyone who can create documents can
>> >> also read documents.
>> >>
>> >> Is there a way to do this with a couchapp? It seems a shame to have to
>> >> add "middleware" just to get this one capability.
>> >>
>> >> thanks,
>> >>
>> >> --Jonathan
>> >>
>> >
>>
>
Re: Write-only for users?
Posted by Janez Štupar <ja...@gmail.com>.
You are indeed correct.
If the use case is non-distributed then that is probably the faster and more
roboust solution.
On Sun, Feb 13, 2011 at 11:17 PM, Zachary Zolton
<za...@gmail.com>wrote:
> True, but I think you still need some kind of proxy to ensure that
> users can only hit the rewritten URLs.
>
> I also find CouchDB URL rewriting and vhosts trickier to set up than
> just writing a little Sintra or Node.js app.
>
> --Zach
>
> On Sunday, February 13, 2011, Janez Štupar <ja...@gmail.com> wrote:
> > You could do something like that utilizing the rewrite handler to
> prohibit
> > access to documents and views (redirect all request to a show that tells
> > users to sod off), while only allowing a PUT to the database and GET to
> the
> > said show.
> >
> > On Sun, Feb 13, 2011 at 10:52 PM, Jonathan Geddes <
> geddes.jonathan@gmail.com
> >> wrote:
> >
> >> couchdb users,
> >>
> >> I'm thinking of using a couchapp for an upcoming project, but there is
> >> one capability that I'm unsure of.
> >>
> >> I need a database that anyone can post to, but only admin can read
> >> from. The requirement is to allow users to post personal information
> >> that other users cannot see. If I understand the couchdb permissions
> >> model correctly, for a given db, anyone who can create documents can
> >> also read documents.
> >>
> >> Is there a way to do this with a couchapp? It seems a shame to have to
> >> add "middleware" just to get this one capability.
> >>
> >> thanks,
> >>
> >> --Jonathan
> >>
> >
>
Re: Write-only for users?
Posted by Zachary Zolton <za...@gmail.com>.
True, but I think you still need some kind of proxy to ensure that
users can only hit the rewritten URLs.
I also find CouchDB URL rewriting and vhosts trickier to set up than
just writing a little Sintra or Node.js app.
--Zach
On Sunday, February 13, 2011, Janez Štupar <ja...@gmail.com> wrote:
> You could do something like that utilizing the rewrite handler to prohibit
> access to documents and views (redirect all request to a show that tells
> users to sod off), while only allowing a PUT to the database and GET to the
> said show.
>
> On Sun, Feb 13, 2011 at 10:52 PM, Jonathan Geddes <geddes.jonathan@gmail.com
>> wrote:
>
>> couchdb users,
>>
>> I'm thinking of using a couchapp for an upcoming project, but there is
>> one capability that I'm unsure of.
>>
>> I need a database that anyone can post to, but only admin can read
>> from. The requirement is to allow users to post personal information
>> that other users cannot see. If I understand the couchdb permissions
>> model correctly, for a given db, anyone who can create documents can
>> also read documents.
>>
>> Is there a way to do this with a couchapp? It seems a shame to have to
>> add "middleware" just to get this one capability.
>>
>> thanks,
>>
>> --Jonathan
>>
>
Re: Write-only for users?
Posted by Janez Štupar <ja...@gmail.com>.
You could do something like that utilizing the rewrite handler to prohibit
access to documents and views (redirect all request to a show that tells
users to sod off), while only allowing a PUT to the database and GET to the
said show.
On Sun, Feb 13, 2011 at 10:52 PM, Jonathan Geddes <geddes.jonathan@gmail.com
> wrote:
> couchdb users,
>
> I'm thinking of using a couchapp for an upcoming project, but there is
> one capability that I'm unsure of.
>
> I need a database that anyone can post to, but only admin can read
> from. The requirement is to allow users to post personal information
> that other users cannot see. If I understand the couchdb permissions
> model correctly, for a given db, anyone who can create documents can
> also read documents.
>
> Is there a way to do this with a couchapp? It seems a shame to have to
> add "middleware" just to get this one capability.
>
> thanks,
>
> --Jonathan
>