You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2022/08/06 13:43:58 UTC

[couchdb] 03/07: feat(access): add global off switch

This is an automated email from the ASF dual-hosted git repository.

jan pushed a commit to branch feat/access-2022
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 17ec65823276c573dd527bd0907763edbc40ae97
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Sat Aug 6 12:48:36 2022 +0200

    feat(access): add global off switch
---
 rel/overlay/etc/default.ini                   | 4 ++++
 src/chttpd/src/chttpd_db.erl                  | 9 +++++++--
 src/couch/test/eunit/couchdb_access_tests.erl | 1 +
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index cefd9e493..6888f6fad 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -328,6 +328,10 @@ authentication_db = _users
 ; max_iterations, password_scheme, password_regexp, proxy_use_secret,
 ; public_fields, secret, users_db_public, cookie_domain, same_site
 
+; Per document access settings
+[per_doc_access]
+;enabled = false
+
 ; CSP (Content Security Policy) Support
 [csp]
 ;utils_enable = true
diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl
index e07b58223..58c801829 100644
--- a/src/chttpd/src/chttpd_db.erl
+++ b/src/chttpd/src/chttpd_db.erl
@@ -2084,9 +2084,14 @@ parse_shards_opt("placement", Req, Default) ->
 parse_shards_opt("access", Req, Value) when is_list(Value) ->
     parse_shards_opt("access", Req, list_to_existing_atom(Value));
 parse_shards_opt("access", _Req, Value) when is_boolean(Value) ->
-    Value;
+    case config:get_boolean("per_doc_access", "enabled", false) of
+        true -> Value;
+        false ->
+            Err = ?l2b(["The `access` is not available on this CouchDB installation."]),
+            throw({bad_request, Err})
+    end;
 parse_shards_opt("access", _Req, _Value) ->
-    Err = ?l2b(["The woopass `access` value should be a boolean."]),
+    Err = ?l2b(["The `access` value should be a boolean."]),
     throw({bad_request, Err});
 
 parse_shards_opt(Param, Req, Default) ->
diff --git a/src/couch/test/eunit/couchdb_access_tests.erl b/src/couch/test/eunit/couchdb_access_tests.erl
index 28f27ea72..1b656499c 100644
--- a/src/couch/test/eunit/couchdb_access_tests.erl
+++ b/src/couch/test/eunit/couchdb_access_tests.erl
@@ -46,6 +46,7 @@ before_all() ->
     ok = config:set("admins", "a", binary_to_list(Hashed), _Persist=false),
     ok = config:set("couchdb", "uuid", "21ac467c1bc05e9d9e9d2d850bb1108f", _Persist=false),
     ok = config:set("log", "level", "debug", _Persist=false),
+    ok = config:set("per_doc_access", "enabled", "true", _Persist=false),
 
     % cleanup and setup
     {ok, _, _, _} = test_request:delete(url() ++ "/db", ?ADMIN_REQ_HEADERS),