CouchDB security - prevent non-admins from editing
// CouchDB validate_doc_update function: runs on every document write
// (including attachment uploads) and must throw to reject the change.
function(newDoc, oldDoc, userCtx) {
  // userCtx.roles lists the roles of the user making the request;
  // '_admin' is the server-admin role.
  if (userCtx.roles.indexOf('_admin') !== -1) {
    return;  // admin: accept the update
  } else {
    // anyone else: reject with a 403 Forbidden and this message
    throw({forbidden: 'Only admins may edit the database'});
  }
}
@lizconlan (author)

By default a new CouchDB database will have full public access.

Creating an admin user will only take you so far - it should prevent new databases being created and existing ones being deleted. You should also block reader access to any databases (e.g. `_users`) that you do not want to be publicly available.

For data you are happy to open source:

  1. Create a new document called _design/_auth
  2. Create a new field called language
  3. Set the value to javascript
  4. Create a new field called validate_doc_update
  5. Paste in the above code and save the field
  6. Save the document

Run a few tests and you should be good to go :)
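The six steps above, carried through as an added example (not the gist's own code): the validator is stored as source text in the `validate_doc_update` field of `_design/_auth`, and a small harness calls it with the same `(newDoc, oldDoc, userCtx)` arguments CouchDB passes, once as an admin and once as a public user. `buildAuthDesignDoc`, `runValidator` and the sample contexts are constructed for this example; attachment uploads go through the same validator, which is why a validator that rejects everything non-admin closes that path too.

```javascript
// Added example, not part of the original gist. Shows how the validator
// ends up inside _design/_auth and how CouchDB invokes it.

// The validation function from the gist: accept only server admins.
function onlyAdminsMayEdit(newDoc, oldDoc, userCtx) {
  if (userCtx.roles.indexOf('_admin') !== -1) {
    return;
  } else {
    throw({forbidden: 'Only admins may edit the database'});
  }
}

// Steps 1-6: the design document CouchDB expects. The validator is kept
// as a string, which is what "paste in the above code" produces.
function buildAuthDesignDoc() {
  return {
    _id: '_design/_auth',
    language: 'javascript',
    validate_doc_update: onlyAdminsMayEdit.toString()
  };
}

// Simulates the query server: compile the stored source and call it.
// Returns {ok: true} when the write is accepted, otherwise the thrown
// reason object ({forbidden: '...'}), which CouchDB turns into HTTP 403.
function runValidator(designDoc, newDoc, oldDoc, userCtx) {
  const validate = new Function('return (' + designDoc.validate_doc_update + ')')();
  try {
    validate(newDoc, oldDoc, userCtx);
    return { ok: true };
  } catch (reason) {
    return reason;
  }
}

// Constructed sample contexts (constructed, not real CouchDB output).
const adminCtx = { db: 'notes', name: 'liz', roles: ['_admin'] };
const editorCtx = { db: 'notes', name: 'bob', roles: ['editor'] };
const anonCtx = { db: 'notes', name: null, roles: [] };

const designDoc = buildAuthDesignDoc();
const doc = { _id: 'note1', body: 'hello' };

console.log('admin :', runValidator(designDoc, doc, null, adminCtx));   // { ok: true }
console.log('editor:', runValidator(designDoc, doc, null, editorCtx));  // { forbidden: ... }
console.log('anon  :', runValidator(designDoc, doc, null, anonCtx));    // { forbidden: ... }
```

Only the `_admin` role is accepted; a user with some other role (such as `editor`) is rejected exactly like an anonymous one, so the database is effectively read-only for everyone but server admins.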

@lizconlan (author)

version 2 blocks everything, version 1 left a loophole where an unauthorised user could upload an attachment and break the security model
