search

ACRA / acralyzer

Open source backend for ACRA reports.
GNU General Public License v3.0
489 stars 90 forks source link

Unable to follow user permissions instructions on Cloudant #30

Closed davinic closed 11 years ago

davinic commented 11 years ago

The setup guide does not cover installation on Cloudant servers. According to the Cloudant FAQ:

If you want to use the _users database you must first turn off Cloudant's own security for the roles you want to manage via _users. To do this you need to PUT a JSON document like the following to the _security endpoint of the database (for example https://USERNAME.cloudant.com/DATABASE/_security):

https://cloudant.com/for-developers/faq/auth/

I was unable to create permissions for a user called "reporter" and am getting 403 errors when trying to sumbit reports, even with the admin user. In the meantime I removed the javascript function during the check for authorization in the CouchDb design doc.

KevinGaudin commented 11 years ago

It looks like Cloudant updated their user management system. The page I was referring to in the wiki does not exist anymore.

The interesting part is that they implemented their own user management dashboard with specific roles and a "_writer" permission which would allow us to have reporter-only users.

We have to update this part.

@halkeye has started using Cloudant recently. He certainly has now some insight about users management there.

halkeye commented 11 years ago

I haven't actually got around to creating new users. I should be doing it tomorrow night though.

KevinGaudin commented 11 years ago

I've just been testing Cloudant again using the "Generate API Key feature" from their dashboard. It's exactly what we needed to handle the creation of write-only users.

You click a button, Cloudant gives you a random generated user/password, you just check it's _writer role for the acra-storage database, and you're done.

We can update the "reporter" role to "_writer" in the update validation function.

It's a pitty that this is not a standard CouchDB feature, though...

halkeye commented 11 years ago

I updated my pull request (https://github.com/ACRA/acra-storage/pull/1) to include _writer

I'm trying to figure out how to call the generate-api-key programaticly so I can add it to the tool though that might be too cloudant specific to add in.

KevinGaudin commented 11 years ago

I updated the wiki with instructions about setting up a API Key user with Write only role.