On Sat, Feb 11, 2012 at 4:00 AM, Jason Smith <[email protected]> wrote: > On Sat, Feb 11, 2012 at 3:06 AM, Randall Leeds <[email protected]> > wrote: >> On Feb 9, 2012 6:09 PM, "Randall Leeds" <[email protected]> wrote: >>> >>> On Thu, Feb 9, 2012 at 17:48, Jason Smith <[email protected]> wrote: >>> > Hi, Noah. When I saw it hit Git, I realized it was a breaking change, >>> > and I asked around. If memory serves, Randall happened to be on at the >>> > time and he asked me the same question you just did. I said I never >>> > saw an RFC email and that's when he realized it was not done publicly. >>> >>> I was aware the entire time, but I think the motivation is sound and >>> it needed to be done. A couple committers spoke up to say we didn't >>> think it was sensitive enough to warrant the private discussion but >>> ultimately there was broad consensus on the implementation and the >>> change itself. One of those (let us all celebrate) extremely rare >>> times where there wasn't opportunity for broad community input. >>> >>> Creating a view on _users that pulls the relevant parts of a user >>> document out is the way forward for public profiles, I think. >>> If someone would write a blog post showing how that works it'd be >>> great. In retrospect this would have been a great thing to do weeks >>> ago. Lesson learned. >> >> Just to be clear I don't want to dismiss your concerns. If you believe this >> needs a config option rather than just documentation now is a good time to >> speak up loudly since the vote was aborted. > > Thanks. I am concerned. To me, the change is noteworthy but not a showstopper. > > I tested your suggestion, however I do not think it is possible. > Non-admins cannot access a view. > > $ curlp http://admin:admin@localhost:5984/_users/_design/public -d > '{"views":{"all":{"map":"function(doc) { emit(doc._id, doc) }"}}}' > {"ok":true,"id":"_design/public","rev":"1-f605d1ea7825645132f54a91a76a1ddc"} > > $ curl -i http://user:user@localhost:5984/_users/_design/public/_view/all > HTTP/1.1 403 Forbidden > Server: CouchDB/1.2.0 (Erlang OTP/R15B) > Date: Sat, 11 Feb 2012 02:57:43 GMT > Content-Type: text/plain; charset=utf-8 > Content-Length: 102 > Cache-Control: must-revalidate > > {"error":"forbidden","reason":"Only admins can access design document > actions for system databases."} > Yes that's by design.
- benoƮt
