_security object is an exception to the document model

Question

_security object is an exception to the document model

djc opened this issue 10 years ago · comments

From pokstad@gmail.com on June 14, 2014 20:13:38

What steps will reproduce the problem? 1. Instantiate server:
server = couchdb.client.Server("http://admin:password@localhost:5984"
2. Try to set the _security object for a database you have admin privileges for:
server['test']['_security']={'members':{'names':[],'roles':['meow']},'admins':{'names':[],'roles':[]}} What is the expected output? What do you see instead? The expected outcome is that the method should return successfully, what happens is that an error is thrown:

server['test']['_security']={'members':{'names':[],'roles':['meow']},'admins':{'names':[],'roles':[]}}
Traceback (most recent call last):
File "", line 1, in
File "couchdb/client.py", line 351, in setitem
content.update({'_id': data['id'], '_rev': data['rev']})
KeyError: 'id'

This is likely due to the fact that the returned document does not have a _id or _rev attribute. This is because the security document is not a real document and does not follow the same rules as other documents in the database. What version of the product are you using? On what operating system? CouchDB 1.6 on Mac OS X using the latest version of couchdb-python in the repo.

Original issue: http://code.google.com/p/couchdb-python/issues/detail?id=238

Dirkjan Ochtman · Answer 1 · Sat Jul 12 2014 22:16:22 GMT+0800 (China Standard Time)

From pokstad@gmail.com on June 14, 2014 18:43:00

This issue could be resolved pretty easily by adding a check right before the affected line of code (351 of client.py):

if 'id' in data and 'rev' in data:
content.update({'_id': data['id'], '_rev': data['rev']})

Dirkjan Ochtman · Answer 2 · Sat Jul 12 2014 22:16:23 GMT+0800 (China Standard Time)

From djc.ochtman on June 29, 2014 02:26:06

That solves one use case, but I think we have other problems with security objects as well (i.e. just with receiving them?). We should try to solve all of them, but I'm not sure what API would make sense. Maybe there should be dedicated API.

Dirkjan Ochtman · Answer 3 · Sat Jul 12 2014 22:16:24 GMT+0800 (China Standard Time)

From pokstad@gmail.com on July 01, 2014 08:54:54

Yes, it does fail on retrieval as well. Maybe an API like this:

db = server['meow']
db.readers.users = ['kitty']
db.admins.roles = ['poopsykins']

OR, this would be faster to execute in a single request:

db.security = {
'readers':{'users':['kitty']},
'admins':{'roles':['poopsykins']}
}

Dirkjan Ochtman · Answer 4 · Sat Jul 12 2014 22:16:24 GMT+0800 (China Standard Time)

From djc.ochtman on July 01, 2014 11:13:15

Yeah, I think a db.security attribute could work pretty well.

Dirkjan Ochtman · Answer 5 · Sat Jul 12 2014 22:16:25 GMT+0800 (China Standard Time)

From djc.ochtman on July 06, 2014 04:40:37

Okay, a very basic implementation is in r7cd158aa7c1b . Please check whether this fulfills your use cases.

Status: Fixed