
CouchDB validation and security document

I am confused about what the difference is between a security document (image below)


and the validate_doc_update function (see below), which is placed within the design document.

  function(newDoc, oldDoc, usersCtx){

     //validate code goes here

  }

Which one is used at what point and what is the purpose of each one?

Thank you in advance.

The security document stores the state (data) whereas the validate document update function stores the behavior (logic). Together, they form an object in the OO sense.

The complete signature of the validate_doc_update function is actually

function(newDoc, oldDoc, userCtx, secObj)

where secObj is the security document. So you can interpret validate_doc_update as a method of secObj if you prefer. The goal is to keep your code tidy by not having to hardcode data in the validation code.

These are different concepts that apply to different scopes...

Security Document: This applies globally to a database. It controls which user names have admin roles and which have access. Provided that the database is not public, only users named in this document can access (read or write) the database. Note that authentication is handled elsewhere - this document deals only in authenticated usernames.

Even without any validation functions the security document is important as it controls access at the database level.

Validate function: The validation functions of a design document allow the designer to restrict changes to a document. Depending on the result of ALL the validate functions in all the design documents in a database, a PUT/POST will succeed or fail. The data available to a validation function is limited, however - it cannot reference any other document except the one being updated and the security document.

Using the validation function, the designer could limit values for fields, control which fields can be changed, and vary permissions based on whether the current user is an admin or not, for example. However, it is not possible to check that a new value is in a lookup list on another document, or that a reference to another document ID is valid.

It is possible to use Validation functions in a public database that has no Security Document - so these two concepts can work together but neither requires the other.
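The division of labour described in the answers above, as an added example that is not part of either answer or of CouchDB's own code: a validate_doc_update function that reads admin names and roles from secObj instead of hardcoding them, limits a field's values, and locks a field after creation. The field names `status` and `owner`, the `tryUpdate` harness and the sample users are assumptions made for illustration.

```javascript
// Added example. secObj/userCtx follow CouchDB's documented object shapes;
// the "status" and "owner" fields are hypothetical application fields.
function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
  // Anonymous users have name === null in userCtx.
  if (!userCtx.name) {
    throw { unauthorized: "Log in before writing." };
  }
  // Admin status is read from the security document, not hardcoded here.
  var admins = (secObj && secObj.admins) || {};
  var adminNames = admins.names || [];
  var adminRoles = admins.roles || [];
  var isAdmin = userCtx.roles.indexOf("_admin") !== -1 ||
    adminNames.indexOf(userCtx.name) !== -1 ||
    userCtx.roles.some(function (r) { return adminRoles.indexOf(r) !== -1; });

  if (newDoc._deleted) {
    if (!isAdmin) throw { forbidden: "Only admins may delete documents." };
    return;
  }
  // Limit the values a field may take.
  if (["draft", "published"].indexOf(newDoc.status) === -1) {
    throw { forbidden: "status must be 'draft' or 'published'." };
  }
  // Control which fields can be changed: owner is fixed after creation.
  if (oldDoc && newDoc.owner !== oldDoc.owner) {
    throw { forbidden: "owner cannot be changed." };
  }
  // New documents must be owned by their author unless an admin creates them.
  if (!oldDoc && newDoc.owner !== userCtx.name && !isAdmin) {
    throw { forbidden: "owner must be your own user name." };
  }
  // Vary permissions by admin status: only the owner or an admin may edit.
  if (oldDoc && oldDoc.owner !== userCtx.name && !isAdmin) {
    throw { forbidden: "Only the owner or an admin may edit." };
  }
}

// Constructed harness standing in for CouchDB's call on PUT/POST.
function tryUpdate(newDoc, oldDoc, userCtx, secObj) {
  try { validate_doc_update(newDoc, oldDoc, userCtx, secObj); return "ok"; }
  catch (e) { return e.forbidden ? "forbidden" : "unauthorized"; }
}

// Constructed sample security document and user contexts.
var secObj = { admins: { names: ["alice"], roles: ["editors"] },
               members: { names: ["bob"], roles: [] } };
var bob = { db: "notes", name: "bob", roles: [] };
var alice = { db: "notes", name: "alice", roles: [] };
var anon = { db: "notes", name: null, roles: [] };
```

Only `validate_doc_update` would go into a design document; moving a user in or out of the admin list is then an edit to the security document, with no change to this code.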
