[couchdb] 03/10: fix(changes): only apply access logic on access enabled dbs

[ja...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

jan pushed a commit to branch feat/access-3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 62f98d5701b9dd7abcd01b0c807a04346cdcb8c7
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Fri Jun 12 15:37:32 2020 +0200

    fix(changes): only apply access logic on access enabled dbs
---
 src/couch/src/couch_db.erl         | 28 ++++++++++++++++------------
 src/couch/src/couch_db_updater.erl | 16 ++++++++--------
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/src/couch/src/couch_db.erl b/src/couch/src/couch_db.erl
index e9bc478..ecd456c 100644
--- a/src/couch/src/couch_db.erl
+++ b/src/couch/src/couch_db.erl
@@ -744,21 +744,25 @@ security_error_type(#user_ctx{name=null}) ->
 security_error_type(#user_ctx{name=_}) ->
     forbidden.
 
-validate_access(Db, #doc{meta=Meta}=Doc) ->
+validate_access(Db, Doc) ->
+    validate_access1(has_access_enabled(Db), Db, Doc).
+
+validate_access1(false, _Db, _Doc) -> ok;
+validate_access1(true, Db, #doc{meta=Meta}=Doc) ->
     case proplists:get_value(conflicts, Meta) of
         undefined -> % no conflicts
-            validate_access1(Db, Doc);
+            validate_access2(Db, Doc);
         _Else -> % only admins can read conflicted docs in _access dbs
             case is_admin(Db) of
                 true -> ok;
                 _Else2 -> throw({forbidden, <<"document is in conflict">>})
             end
     end.
-validate_access1(Db, Doc) ->
-    validate_access2(check_access(Db, Doc)).
+validate_access2(Db, Doc) ->
+    validate_access3(check_access(Db, Doc)).
 
-validate_access2(true) -> ok;
-validate_access2(_) -> throw({forbidden, <<"can't touch this">>}).
+validate_access3(true) -> ok;
+validate_access3(_) -> throw({forbidden, <<"can't touch this">>}).
 
 check_access(Db, #doc{access=Access}=Doc) ->
     % couch_log:info("~ncheck da access, Doc: ~p, Db: ~p~n", [Doc, Db]),
@@ -1588,9 +1592,9 @@ is_active_stream(Db, StreamEngine) ->
     couch_db_engine:is_active_stream(Db, StreamEngine).
 
 changes_since(Db, StartSeq, Fun, Options, Acc) when is_record(Db, db) ->
-    case couch_db:is_admin(Db) of
-        true -> couch_db_engine:fold_changes(Db, StartSeq, Fun, Options, Acc);
-        false -> couch_mrview:query_changes_access(Db, StartSeq, Fun, Options, Acc)
+    case couch_db:has_access_enabled(Db) and not couch_db:is_admin(Db) of
+        true -> couch_mrview:query_changes_access(Db, StartSeq, Fun, Options, Acc);
+        false -> couch_db_engine:fold_changes(Db, StartSeq, Fun, Options, Acc)
     end.
 
 % TODO: nicked from couch_mrview, maybe move to couch_mrview.hrl
@@ -1728,9 +1732,9 @@ fold_changes(Db, StartSeq, UserFun, UserAcc) ->
     fold_changes(Db, StartSeq, UserFun, UserAcc, []).
 
 fold_changes(Db, StartSeq, UserFun, UserAcc, Opts) ->
-    case couch_db:is_admin(Db) of
-        true -> couch_db_engine:fold_changes(Db, StartSeq, UserFun, UserAcc, Opts);
-        false -> couch_mrview:query_changes_access(Db, StartSeq, UserFun, Opts, UserAcc)
+    case couch_db:has_access_enabled(Db) and not couch_db:is_admin(Db) of
+        true -> couch_mrview:query_changes_access(Db, StartSeq, UserFun, Opts, UserAcc);
+        false -> couch_db_engine:fold_changes(Db, StartSeq, UserFun, UserAcc, Opts)
     end.
 
 fold_purge_infos(Db, StartPurgeSeq, Fun, Acc) ->
diff --git a/src/couch/src/couch_db_updater.erl b/src/couch/src/couch_db_updater.erl
index 164c8b7..b108aca 100644
--- a/src/couch/src/couch_db_updater.erl
+++ b/src/couch/src/couch_db_updater.erl
@@ -453,11 +453,11 @@ merge_rev_trees([], [], Acc) ->
         add_infos = lists:reverse(Acc#merge_acc.add_infos)
     }};
 merge_rev_trees([NewDocs | RestDocsList], [OldDocInfo | RestOldInfo], Acc) ->
-    couch_log:info("~nNewDocs: ~p~n", [NewDocs]),
-    couch_log:info("~nRestDocsList: ~p~n", [RestDocsList]),
-    couch_log:info("~nOldDocInfo: ~p~n", [OldDocInfo]),
-    couch_log:info("~nRestOldInfo: ~p~n", [RestOldInfo]),
-    couch_log:info("~nAcc: ~p~n", [Acc]),
+    % couch_log:info("~nNewDocs: ~p~n", [NewDocs]),
+    % couch_log:info("~nRestDocsList: ~p~n", [RestDocsList]),
+    % couch_log:info("~nOldDocInfo: ~p~n", [OldDocInfo]),
+    % couch_log:info("~nRestOldInfo: ~p~n", [RestOldInfo]),
+    % couch_log:info("~nAcc: ~p~n", [Acc]),
     #merge_acc{
         revs_limit = Limit,
         merge_conflicts = MergeConflicts,
@@ -669,9 +669,9 @@ update_docs_int(Db, DocsList, LocalDocs, MergeConflicts) ->
         cur_seq = UpdateSeq,
         full_partitions = FullPartitions
     },
-    couch_log:info("~nDocsList: ~p~n", [DocsList]),
-    couch_log:info("~nOldDocInfos: ~p~n", [OldDocInfos]),
-    couch_log:info("~nAccIn: ~p~n", [AccIn]),
+    % couch_log:info("~nDocsList: ~p~n", [DocsList]),
+    % couch_log:info("~nOldDocInfos: ~p~n", [OldDocInfos]),
+    % couch_log:info("~nAccIn: ~p~n", [AccIn]),
     {ok, AccOut} = merge_rev_trees(DocsList, OldDocInfos, AccIn),
     #merge_acc{
         add_infos = NewFullDocInfos,