Posted to commits@couchdb.apache.org by ja...@apache.org on 2020/06/12 17:54:13 UTC
[couchdb] 03/10: fix(changes): only apply access logic on access
enabled dbs
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch feat/access-3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 62f98d5701b9dd7abcd01b0c807a04346cdcb8c7
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Fri Jun 12 15:37:32 2020 +0200
fix(changes): only apply access logic on access enabled dbs
---
src/couch/src/couch_db.erl | 28 ++++++++++++++++------------
src/couch/src/couch_db_updater.erl | 16 ++++++++--------
2 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/src/couch/src/couch_db.erl b/src/couch/src/couch_db.erl
index e9bc478..ecd456c 100644
--- a/src/couch/src/couch_db.erl
+++ b/src/couch/src/couch_db.erl
@@ -744,21 +744,25 @@ security_error_type(#user_ctx{name=null}) ->
security_error_type(#user_ctx{name=_}) ->
forbidden.
-validate_access(Db, #doc{meta=Meta}=Doc) ->
+validate_access(Db, Doc) ->
+ validate_access1(has_access_enabled(Db), Db, Doc).
+
+validate_access1(false, _Db, _Doc) -> ok;
+validate_access1(true, Db, #doc{meta=Meta}=Doc) ->
case proplists:get_value(conflicts, Meta) of
undefined -> % no conflicts
- validate_access1(Db, Doc);
+ validate_access2(Db, Doc);
_Else -> % only admins can read conflicted docs in _access dbs
case is_admin(Db) of
true -> ok;
_Else2 -> throw({forbidden, <<"document is in conflict">>})
end
end.
-validate_access1(Db, Doc) ->
- validate_access2(check_access(Db, Doc)).
+validate_access2(Db, Doc) ->
+ validate_access3(check_access(Db, Doc)).
-validate_access2(true) -> ok;
-validate_access2(_) -> throw({forbidden, <<"can't touch this">>}).
+validate_access3(true) -> ok;
+validate_access3(_) -> throw({forbidden, <<"can't touch this">>}).
check_access(Db, #doc{access=Access}=Doc) ->
% couch_log:info("~ncheck da access, Doc: ~p, Db: ~p~n", [Doc, Db]),
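Review bot: The new `validate_access1(false, _Db, _Doc) -> ok;` clause skips every per-document check, including the conflict rule, and nothing in the code says that this is intended for databases without access enabled. A comment above `validate_access/2` such as `% dbs without access enabled skip all per-doc access checks; has_access_enabled/1 must return a strict boolean` would record that, and also that a non-boolean result fails closed with `function_clause`. Renumbering the helpers changes what `validate_access1` and `validate_access2` mean; descriptive names (for example `validate_conflicts/2` and `validate_doc_access/2`) would be easier to follow than a third numeric suffix. `has_access_enabled/1` and the body of `check_access/2` are outside this hunk.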
@@ -1588,9 +1592,9 @@ is_active_stream(Db, StreamEngine) ->
couch_db_engine:is_active_stream(Db, StreamEngine).
changes_since(Db, StartSeq, Fun, Options, Acc) when is_record(Db, db) ->
- case couch_db:is_admin(Db) of
- true -> couch_db_engine:fold_changes(Db, StartSeq, Fun, Options, Acc);
- false -> couch_mrview:query_changes_access(Db, StartSeq, Fun, Options, Acc)
+ case couch_db:has_access_enabled(Db) and not couch_db:is_admin(Db) of
+ true -> couch_mrview:query_changes_access(Db, StartSeq, Fun, Options, Acc);
+ false -> couch_db_engine:fold_changes(Db, StartSeq, Fun, Options, Acc)
end.
% TODO: nicked from couch_mrview, maybe move to couch_mrview.hrl
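Review bot: In `changes_since/5` the unfiltered `couch_db_engine:fold_changes` call is now the `false` branch, so any Db handle for which `has_access_enabled(Db)` wrongly evaluates to false gives a non-admin the full changes feed; before, only an explicit `is_admin(Db)` of `true` reached it. `has_access_enabled/1` is not shown in this diff, so it is worth confirming it is reliable for every handle that arrives here, and adding a test with a non-admin reader on an access-enabled db. The same condition is repeated in `fold_changes/5` in the next hunk; a shared helper like `use_access_filter(Db) -> has_access_enabled(Db) andalso not is_admin(Db).` would keep both call sites in step. `andalso` also avoids evaluating `is_admin/1` on databases without access enabled, which the strict `and` always does.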
@@ -1728,9 +1732,9 @@ fold_changes(Db, StartSeq, UserFun, UserAcc) ->
fold_changes(Db, StartSeq, UserFun, UserAcc, []).
fold_changes(Db, StartSeq, UserFun, UserAcc, Opts) ->
- case couch_db:is_admin(Db) of
- true -> couch_db_engine:fold_changes(Db, StartSeq, UserFun, UserAcc, Opts);
- false -> couch_mrview:query_changes_access(Db, StartSeq, UserFun, Opts, UserAcc)
+ case couch_db:has_access_enabled(Db) and not couch_db:is_admin(Db) of
+ true -> couch_mrview:query_changes_access(Db, StartSeq, UserFun, Opts, UserAcc);
+ false -> couch_db_engine:fold_changes(Db, StartSeq, UserFun, UserAcc, Opts)
end.
fold_purge_infos(Db, StartPurgeSeq, Fun, Acc) ->
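Review bot: `fold_changes/5` passes `UserAcc, Opts` to `couch_db_engine:fold_changes`, while `changes_since/5` in the previous hunk passes `Options, Acc` to the same function, so going by the variable names one of the two call sites has the accumulator and the options swapped. The order predates this commit (the removed lines carry it too), and the engine function's signature is not visible here, so this needs checking against `couch_db_engine:fold_changes/5`. If the engine expects the accumulator before the options, the line in `changes_since/5` would become `false -> couch_db_engine:fold_changes(Db, StartSeq, Fun, Acc, Options)`.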
diff --git a/src/couch/src/couch_db_updater.erl b/src/couch/src/couch_db_updater.erl
index 164c8b7..b108aca 100644
--- a/src/couch/src/couch_db_updater.erl
+++ b/src/couch/src/couch_db_updater.erl
@@ -453,11 +453,11 @@ merge_rev_trees([], [], Acc) ->
add_infos = lists:reverse(Acc#merge_acc.add_infos)
}};
merge_rev_trees([NewDocs | RestDocsList], [OldDocInfo | RestOldInfo], Acc) ->
- couch_log:info("~nNewDocs: ~p~n", [NewDocs]),
- couch_log:info("~nRestDocsList: ~p~n", [RestDocsList]),
- couch_log:info("~nOldDocInfo: ~p~n", [OldDocInfo]),
- couch_log:info("~nRestOldInfo: ~p~n", [RestOldInfo]),
- couch_log:info("~nAcc: ~p~n", [Acc]),
+ % couch_log:info("~nNewDocs: ~p~n", [NewDocs]),
+ % couch_log:info("~nRestDocsList: ~p~n", [RestDocsList]),
+ % couch_log:info("~nOldDocInfo: ~p~n", [OldDocInfo]),
+ % couch_log:info("~nRestOldInfo: ~p~n", [RestOldInfo]),
+ % couch_log:info("~nAcc: ~p~n", [Acc]),
#merge_acc{
revs_limit = Limit,
merge_conflicts = MergeConflicts,
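Review bot: The five `couch_log:info` calls in `merge_rev_trees/3` are commented out rather than deleted, and the same is done for three more in `update_docs_int/4` in the next hunk. Leaving them in place makes it easy to re-enable statements that print whole documents and accumulator state with `~p` at info level, which would put document contents into the server log. Deleting the lines is safer; if the tracing is still wanted, a single `couch_log:debug` call that logs only document ids would do. Both function bodies continue outside their hunks.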
@@ -669,9 +669,9 @@ update_docs_int(Db, DocsList, LocalDocs, MergeConflicts) ->
cur_seq = UpdateSeq,
full_partitions = FullPartitions
},
- couch_log:info("~nDocsList: ~p~n", [DocsList]),
- couch_log:info("~nOldDocInfos: ~p~n", [OldDocInfos]),
- couch_log:info("~nAccIn: ~p~n", [AccIn]),
+ % couch_log:info("~nDocsList: ~p~n", [DocsList]),
+ % couch_log:info("~nOldDocInfos: ~p~n", [OldDocInfos]),
+ % couch_log:info("~nAccIn: ~p~n", [AccIn]),
{ok, AccOut} = merge_rev_trees(DocsList, OldDocInfos, AccIn),
#merge_acc{
add_infos = NewFullDocInfos,