https://stackoverflow.com/questions/21285461
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianYou can restrict write access by writing a validate_doc_update() function in a _design document. You can find the details in the official CouchDB documentation.
For example, this function would restrict write operations to admins only:
function(newDoc, oldDoc, userCtx, secObj) {
// allow modifications by admins only.
if ((userCtx.roles.indexOf('_admin') !== -1)) {
return;
}
throw({forbidden: 'You are not allowed to edit public documents.'});
}
Put this into a _design/readonly document (or whatever name you'd like for the design document), and name the function validate_doc_update.
Each design doc can only have one validate_doc_update function, but you can of course define several design documents. Whenever a write operation is tried by anyone, the document is sent to all those validation functions in sequence. If any function throws an error, the update is rejected.
So be careful not to replicate this design document to databases which normal users should be able to write to!
As far as I know, regular replications will still work, because validation functions are not executed against the replication checkpoint documents (they have the special /_local/ prefix). But you should definitively try this out to be sure.
Performance implications:
The validate functions are executed every time a document write occurs, even for admin writes, also for replications. Depending on your application, you might consider some special strategies for replications to improve performance.
The setup you described shouldn't pose a problem, though: Users are not allowed to write, so it's ok if they experience slow replications to your public database. And if your public database is updated only very seldomly, there shouldn't be any performance problems either.
Hope I could help!
