Per-document access control

[wohali]

(@janl: Rewriting the issue to reflect the work status)

Todo:

• isolate couch_doc.erl patch to permit new private-to-couchdb field _access, so we can maintain replication compatibility. This can land at any time, and we should at least do one 2.x release with this. If the rest of this doesn’t land for 3.0, this one patch should be in 3.0 for the same reason. (complexity: 1)

• rebase against master. the current WIP branch is about a year old, and while not a lot has changed in the parts, and the patch isn’t that large, some adjustments needs to be made (complexity: 3)

• fix revs_diff endpoint (explanation TBD) (complexity: 1)

• update replicator to write local docs with _access if source and/or target are access-enabled (complexity: 2)

• clean up RFC to be more RFC-like (c.f. Garren’s comments there) (complexity: 1)

• write end-user docs and release notes (complexity: 1)

Old ticket content

@janl says: >I don’t know what this will look like, but this is a pattern, and we need to support it better. > >One approach could be “virtual dbs” that are backed by a single database, but that’s usually at odds with views, so we could make this an XOR and disable views on these dbs. Since this usually powers client-heavy apps, querying usually happens there anyway. > >Another approach would be better / easier cross-db aggregation or querying. There are a few approaches, but nothing really slick.

[janl]

I think this is captured in the _access proposal best: https://lists.apache.org/thread.html/6aa77dd8e5974a3a540758c6902ccb509ab5a2e4802ecf4fd724a5e4@%3Cdev.couchdb.apache.org%3E

[janl]

I keep not finding this issue because of the old title, I hope the change is okay.

[janl]

latest updates on dev@ https://lists.apache.org/thread.html/1aae26aa329817d8c54bab615a0df1c3a7b0fd34f17a2321ecf047f3@%3Cdev.couchdb.apache.org%3E

[janl]

First RFC is up here: apache/couchdb-documentation#424