
CouchDB validation and security document

I am confused about what the difference is between a security document (image below)


and the validate_doc_update function (see below), which is placed within the design document.

  function(newDoc, oldDoc, usersCtx){

     //validate code goes here

  }

Which one is used at what point and what is the purpose of each one?

Thank you in advance.

The security document stores the state (data) whereas the validate document update function stores the behavior (logic). Together, they form an object in the OO sense.

The complete signature of the validate_doc_update function is actually:

function(newDoc, oldDoc, userCtx, secObj)

where secObj is the security document. So you can interpret validate_doc_update as a method of secObj if you prefer. The goal is to keep your code tidy by not having to hardcode data in the validation code.

These are different concepts that apply to different scopes...

Security Document: This applies globally to a database. It controls which user names have admin roles and which have access. Provided that the database is not public, only users named in this document can access (read or write) the database. Note that authentication is handled elsewhere - this document deals only in authenticated usernames.

Even without any validation functions, the security document is important as it controls access at the database level.

Validate function: The validation functions of a design document allow the designer to restrict changes to a document. Depending on the result of ALL the validate functions in all the design documents in a database, a PUT/POST will succeed or fail. The data available to a validation function is limited, however - it cannot reference any other document except the one being updated and the security document.

Using the validation function, the designer could limit values for fields, control which fields can be changed, and vary permissions based on whether the current user is an admin or not, for example. However, it is not possible to check that a new value is in a lookup list on another document, or that a reference to another document ID is valid.

It is possible to use validation functions in a public database that has no security document - so these two concepts can work together but neither requires the other.
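
The split the answers describe, as an added example that is not code from the question or from either answer: the security document holds the names and roles, and the validation function reads them through `secObj` instead of hardcoding them. The field names (`owner`, `status`), the users and the `check` harness are hypothetical; the sample security document is constructed.

```javascript
// Constructed sample security document (the shape stored at /db/_security).
var secObj = {
  admins:  { names: ["alice"], roles: ["editors"] },
  members: { names: ["bob"],   roles: ["staff"] }
};

// Body of a validate_doc_update function as it would sit in a design document.
// Written in ES5 so it also runs on older CouchDB JavaScript engines.
function validate(newDoc, oldDoc, userCtx, secObj) {
  var admins = (secObj && secObj.admins) || {};
  // Admin = server admin (_admin role) or listed by name/role in the security document.
  var isAdmin =
    userCtx.roles.indexOf("_admin") !== -1 ||
    (admins.names || []).indexOf(userCtx.name) !== -1 ||
    (admins.roles || []).some(function (r) { return userCtx.roles.indexOf(r) !== -1; });

  if (!userCtx.name) { throw { unauthorized: "login required" }; }
  if (newDoc._deleted) {
    if (!isAdmin) { throw { forbidden: "only admins may delete" }; }
    return;
  }
  // Limit the values a field may take.
  if (["draft", "published"].indexOf(newDoc.status) === -1) {
    throw { forbidden: "status must be draft or published" };
  }
  // Control which fields can be changed: owner is fixed after creation.
  if (oldDoc && newDoc.owner !== oldDoc.owner && !isAdmin) {
    throw { forbidden: "owner cannot be changed" };
  }
  if (!oldDoc && newDoc.owner !== userCtx.name && !isAdmin) {
    throw { forbidden: "owner must be the creating user" };
  }
  // Vary permissions by admin status.
  if (newDoc.status === "published" && !isAdmin) {
    throw { forbidden: "only admins may publish" };
  }
}

// Local harness (hypothetical): reports how CouchDB would treat the write.
function check(newDoc, oldDoc, userCtx) {
  try { validate(newDoc, oldDoc, userCtx, secObj); return "ok"; }
  catch (e) { return e.forbidden ? "forbidden" : "unauthorized"; }
}
```

Changing who counts as an admin here means editing the security document only; the design document stays untouched.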
