Geek Answers Handbook

How can a user enter a group that has a specific reader role?

I deployed my application through Couchapp, which means that the entire application is served from a database. I don’t want the data in the Couchdb database to be publicly available, so I specified the role of the reader that the user must have before I send his data. However, when I go to the application, all I can get is:

{"error":"unauthorized","reason":"You are not authorized to access this db."}

Because it cannot even serve the login page that uses jquery.couch.js.

Any ideas on how to provide access to the application (i.e. the login does not use Futon for a user who needs access to read data)?

+4
source share
2 answers

At this time, the solution requires a bit of work. (There is pressure in the community to improve this, but I will explain the real answer instead of describing suggestions or sailing weapons.)

Create a welcome mat database with the following functions:

  • User admin ("jtsnake"): _security.admins = {"names":["jtsnake"], "roles":[]}
  • Publicly read: _security.readers = {"names":[], "roles":[]}}

  • It has a design document with the .validate_doc_update function. Allow unchanged except admin:

     function(newDoc, oldDoc, userCtx, secObj) { // _design/welcome_mat .validate_doc_update if(! userCtx.name) throw {"unauthorized": "Please log in to change the welcome mat"}; if(userCtx.roles.indexOf("_admin") === -1) throw {"forbidden": "Only the admin can change the welcome mat"}; log("Allowing welcome mat update by: " + userCtx.name); }

  • Finally, post your publicly available content in this database, such as the welcome screen, login screen, etc. Private data can enter the private database after the user logs in.

+5
source

In the specific case, when you and people can only talk directly with users of this application (for example, personal or internal), a quick solution that works well is a bookmarklet , which creates a user login form, establishes a session and refreshes the page:

 var form = '<div style="position: absolute; left: 50%; top: 50%; margin-left: -150px; margin-top: -100px; width:3 00px; height: 200px;">' + ' <form id="loginForm">' + ' <input placeholder="nome" name="name">' + ' <input placeholder="senha" type="password" name="password">' + ' <button onclick="login(event)">OK</button>' + ' </form>' + '</div>'; document.write(form); function login(event) { event.preventDefault(); event.returnValue = false; var form = document.getElementById('loginForm'); var xhr = new XMLHttpRequest(); xhr.onreadystatechange = function () { if (xhr.readyState === 4) { location.reload(); } }; xhr.open('POST', '/_session', true); xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); xhr.send('name=' + form.name.value + '&password=' + form.password.value); };

I do not know about other browsers, but in Chrome I create a bookmark and use this line as a URL:

javascript: var form = '<div style="position:absolute;left:50%;top:50%;margin-left:-150px;margin-top:-100px;width:300px;height:200px;"><form id="loginForm"><input placeholder="nome" name="name"><input placeholder="senha" type="password" name="password"><button onclick="login(event)">OK</button></form></div>';document.write(form);function login(event) { event.preventDefault(); event.returnValue = false; var form = document.getElementById('loginForm'); var xhr = new XMLHttpRequest(); xhr.onreadystatechange = function () { if (xhr.readyState === 4) { location.reload(); }}; xhr.open('POST', '/_session', true); xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); xhr.send('name=' + form.name.value + '&password=' + form.password.value);};

0
source

More articles:


All Articles