Lesson 17

Restricting Document Updates

Increase security by restricting who can update documents

Restricting Document Updates

Earlier, we added buttons to edit and delete notices, and we only display those buttons if the author of the notice matches the currently logged-in user (we only want users to be able to edit and delete their own notices).

However, you should never rely on the front end to enforce security rules. JavaScript is client side, so it is easy enough for people to modify it and get around whatever restriction you implement there. To enforce these rules, we need to do it outside of the front end. Typically this means having the server handle access control, but in the case of CouchDB we are going to implement the security rules directly in the database itself with validate_doc_update functions.

Using validate_doc_update to Implement Access Control

Previously in this module, we used design documents to implement views for the database. We created a view that allows us to grab a list of notices ordered by the date they were last updated and a list of chats by the date they were created.

We are going to extend our design documents to include a validate_doc_update function, which is implemented in a very similar way to a view. Instead of supplying a map function, as we do for a view, we will supply a different kind of function under validate_doc_update.

Let's take a look at the function we will be using right now because I think it will be easier to explain if you can see it first.
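As an added example (not the lesson's own function, and not code from the course), here is what a validate_doc_update function enforcing the rule described above can look like, together with the shape of the design document it lives in and a small harness that mimics how CouchDB calls it. CouchDB invokes the function with (newDoc, oldDoc, userCtx, secObj) on every write and rejects the write when the function throws an object with a `forbidden` or `unauthorized` key. The field names `type: "notice"` and `author`, the `_design/notices` id, and the admin-role bypass are assumptions made for this example, not taken from the lesson.

```javascript
// Added example, not the course's code. Assumed document shape (not from the
// lesson): notices are { type: "notice", author: "<couchdb user name>", ... }.
// Rule enforced: only the author of a notice may edit or delete it, and a new
// notice must be attributed to the user creating it.
function validateDocUpdate(newDoc, oldDoc, userCtx, secObj) {
  // Server admins are allowed through; a design choice, not a CouchDB default.
  if (userCtx.roles && userCtx.roles.indexOf('_admin') !== -1) {
    return;
  }

  // Anonymous writers are rejected for every change.
  if (!userCtx.name) {
    throw { unauthorized: 'You must be logged in to make changes.' };
  }

  // Deletions arrive as a tombstone: newDoc._deleted === true, oldDoc is the
  // current revision. Only the original author may delete a notice.
  if (newDoc._deleted) {
    if (oldDoc && oldDoc.type === 'notice' && oldDoc.author !== userCtx.name) {
      throw { forbidden: 'Only the author may delete this notice.' };
    }
    return;
  }

  if (newDoc.type === 'notice') {
    if (typeof newDoc.author !== 'string' || newDoc.author === '') {
      throw { forbidden: 'A notice must have an author.' };
    }
    // The author field must name the user performing the write...
    if (newDoc.author !== userCtx.name) {
      throw { forbidden: 'You may only write notices under your own user name.' };
    }
    // ...and an existing notice may only be changed by its original author,
    // so rewriting the author field to yourself does not grant access.
    if (oldDoc && oldDoc.type === 'notice' && oldDoc.author !== userCtx.name) {
      throw { forbidden: 'Only the author may edit this notice.' };
    }
  }
}

// The design document stores the function as a string; the views from the
// earlier lessons would sit alongside it. The _id is an assumed name.
const designDoc = {
  _id: '_design/notices',
  validate_doc_update: validateDocUpdate.toString()
};

// Harness: call the function the way CouchDB does and report the outcome.
function attempt(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx, {});
    return 'ok';
  } catch (e) {
    if (e.forbidden) return 'forbidden';
    if (e.unauthorized) return 'unauthorized';
    throw e;
  }
}

// Constructed sample users and notice (not real data).
const alice = { name: 'alice', roles: [] };
const bob = { name: 'bob', roles: [] };
const anon = { name: null, roles: [] };
const aliceNotice = { _id: 'notice-1', type: 'notice', author: 'alice', text: 'Hello' };

function demo() {
  return {
    create: attempt(aliceNotice, null, alice),
    spoofAuthor: attempt(Object.assign({}, aliceNotice, { author: 'bob' }), null, alice),
    editOwn: attempt(Object.assign({}, aliceNotice, { text: 'edited' }), aliceNotice, alice),
    editOthers: attempt(Object.assign({}, aliceNotice, { text: 'edited' }), aliceNotice, bob),
    takeOver: attempt(Object.assign({}, aliceNotice, { author: 'bob' }), aliceNotice, bob),
    deleteOwn: attempt({ _id: 'notice-1', _deleted: true }, aliceNotice, alice),
    deleteOthers: attempt({ _id: 'notice-1', _deleted: true }, aliceNotice, bob),
    anonymous: attempt(aliceNotice, null, anon)
  };
}

console.log(demo());
console.log(typeof designDoc.validate_doc_update);
```

The two checks in the edit branch are both needed: comparing `newDoc.author` to `userCtx.name` stops a user from posting as someone else, and comparing `oldDoc.author` to `userCtx.name` stops a user from taking over an existing notice by rewriting its author field to their own name.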
