Conversation

@garrensmith (Member)

Fauxton auth works by checking what roles a user has and then decides if
they have access to a specific route. The only problem is a regular user
might get created but not have any roles, unlike an admin user who gets
assigned all the roles on creation.

The idea behind this is that certain routes should require a user to be
logged in but not necessarily have any roles, e.g. the #changePassword route.

This allows for a standard fauxton role that all logged-in users get given so that
we can check via the roles if they are logged in.

@kxepal (Member)

kxepal commented Jun 18, 2014

How about just _fauxton ?

@garrensmith (Member, Author)

I would prefer to prefix it so we can add other roles later if need be.

@kxepal (Member)

kxepal commented Jun 18, 2014

I wouldn't be so optimistic since this mostly looks like a hack. But anyway, a leading _ guarantees that no admin will create a collision with your role to grant some actions on fauxton to specific users - CouchDB will not allow that, and _fauxton by itself is a good prefix too.

@kxepal (Member)

kxepal commented Jun 18, 2014

Also, am I right that you've only fixed access to the "Change Password" page? Because access to databases/replication still asks to log in (even if you are).

@garrensmith (Member, Author)

Correct, I haven't added it to databases and replication yet. I can do that. I first wanted to get some opinions on this approach. It's not the prettiest approach but I don't want to spend too much time on auth until the Big Couch merge is over. So this should be "good enough" for now.

On 18 Jun 2014, at 4:44 PM, Alexander Shorin notifications@github.com wrote:

Also, am I right that you'd only fixed access to "Change Password" page? Because access to databases/replication still asks to log in (even if you're).


@kxepal (Member)

kxepal commented Jun 18, 2014

Errhm... I just read the auth/resources.js code and found there a nice function, isLoggedIn - why not use it instead of a fake role to control access to the "Change Password" page? Actually, access to that page is only reasonable when the user is not anonymous, e.g. has userCtx.name non-null.

@garrensmith (Member, Author)

The isLoggedIn can work, but the problem is we need to define via the auth roles in a RouteObject that this route needs the user to be logged in. The only way to do that is via the roles.
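The approach debated above (gate routes purely by roles, and hand every logged-in user a synthetic underscore-prefixed role so that "logged in, no roles" is expressible in the route table) as an added, self-contained example. This is not Fauxton's own code: the route names, the `userCtx` samples and the `canAccess`/`effectiveRoles` helpers are constructed for illustration. The one design point worth noting is that the synthetic role is minted only client-side from `userCtx.name`, and any copy of it arriving in the server-supplied role list is discarded first, so the role never becomes something a user record can carry.

```javascript
// Added example (not Fauxton's code): role-gated routing where every
// logged-in user is granted a synthetic "_fauxton" role on the client.

const FAUXTON_LOGGED_IN_ROLE = "_fauxton"; // name proposed in the PR thread

// Constructed sample userCtx objects in the shape of a CouchDB _session
// response: anonymous, a regular user with no roles, and a server admin.
const SAMPLE_ANON = { name: null, roles: [] };
const SAMPLE_USER_NO_ROLES = { name: "alice", roles: [] };
const SAMPLE_ADMIN = { name: "root", roles: ["_admin"] };

// A user is logged in exactly when the session carries a non-empty name.
function isLoggedIn(userCtx) {
  return userCtx != null && typeof userCtx.name === "string" && userCtx.name.length > 0;
}

// Effective roles = server-supplied roles + the synthetic logged-in role.
// The synthetic role is stripped from the server list first, so it can only
// ever be granted here, never by a stored user document.
function effectiveRoles(userCtx) {
  const serverRoles = userCtx && Array.isArray(userCtx.roles) ? userCtx.roles : [];
  const base = serverRoles.filter((r) => r !== FAUXTON_LOGGED_IN_ROLE);
  return isLoggedIn(userCtx) ? [...base, FAUXTON_LOGGED_IN_ROLE] : base;
}

// Hypothetical route table: each route lists the roles allowed to reach it.
// An empty list means the route is public.
const ROUTES = {
  "#changePassword": { roles: [FAUXTON_LOGGED_IN_ROLE] },
  "#databases": { roles: [FAUXTON_LOGGED_IN_ROLE] },
  "#login": { roles: [] },
  "#admin": { roles: ["_admin"] },
};

// Deny unknown routes outright; otherwise require at least one matching role.
function canAccess(route, userCtx) {
  const def = ROUTES[route];
  if (!def) return false;
  if (def.roles.length === 0) return true;
  const held = new Set(effectiveRoles(userCtx));
  return def.roles.some((r) => held.has(r));
}

// Stand-alone demonstration over the constructed sessions.
for (const [label, ctx] of Object.entries({ anon: SAMPLE_ANON, alice: SAMPLE_USER_NO_ROLES, root: SAMPLE_ADMIN })) {
  for (const route of Object.keys(ROUTES)) {
    console.log(`${label} -> ${route}: ${canAccess(route, ctx) ? "allow" : "deny"}`);
  }
}
```

With this shape, a regular user who has no roles at all still reaches #changePassword, an anonymous session does not, and a role list that already claims "_fauxton" gains nothing from it because the flag is recomputed from the session name on every check.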

@robertkowalski (Member)

Will auth change with the BigCouch merge?

@kxepal (Member)

kxepal commented Jun 19, 2014

@robertkowalski not auth, but the set of default roles, I believe. The code that caused the issue was ported from the Cloudant fork and it forces a check of the user for some special roles.

@robertkowalski (Member)

I think I am okay with it, I also have no better idea just now for a quick fix.

@garrensmith (Member, Author)

Great thanks. Merged.

lag-linaro pushed a commit to lag-linaro/couchdb that referenced this pull request Oct 25, 2018
@garrensmith garrensmith deleted the create_fauxton_role branch December 12, 2019 17:20