You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by "Robert Newson (JIRA)" <ji...@apache.org> on 2012/06/23 13:08:42 UTC
[jira] [Created] (COUCHDB-1502) Users unable to delete own _users
doc
Robert Newson created COUCHDB-1502:
--------------------------------------
Summary: Users unable to delete own _users doc
Key: COUCHDB-1502
URL: https://issues.apache.org/jira/browse/COUCHDB-1502
Project: CouchDB
Issue Type: Bug
Affects Versions: 1.2
Reporter: Robert Newson
Assignee: Robert Newson
Fix For: 1.2.1
Since the introduction of system db security a user cannot delete their own _users doc. This is because we test that the "name" field of the updated document matches the userCtx. It doesn't in the case of a DELETE because the body only contains _id, _rev and _deleted.
Changing the code to compare the username embedded in the doc _id instead is a fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: [jira] [Resolved] (COUCHDB-1502) Users unable to delete own
_users doc
Posted by Benoit Chesneau <bc...@gmail.com>.
I don't understand that ticket. Why do you want to delete a deleted user ?
On Sat, Jun 23, 2012 at 2:16 PM, Robert Newson (JIRA) <ji...@apache.org> wrote:
>
> [ https://issues.apache.org/jira/browse/COUCHDB-1502?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> Robert Newson resolved COUCHDB-1502.
> ------------------------------------
>
> Resolution: Fixed
>
>> Users unable to delete own _users doc
>> -------------------------------------
>>
>> Key: COUCHDB-1502
>> URL: https://issues.apache.org/jira/browse/COUCHDB-1502
>> Project: CouchDB
>> Issue Type: Bug
>> Affects Versions: 1.2
>> Reporter: Robert Newson
>> Assignee: Robert Newson
>> Fix For: 1.2.1
>>
>>
>> Since the introduction of system db security a user cannot delete their own _users doc. This is because we test that the "name" field of the updated document matches the userCtx. It doesn't in the case of a DELETE because the body only contains _id, _rev and _deleted.
>> Changing the code to compare the username embedded in the doc _id instead is a fix.
>
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
[jira] [Resolved] (COUCHDB-1502) Users unable to delete own _users
doc
Posted by "Robert Newson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/COUCHDB-1502?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Newson resolved COUCHDB-1502.
------------------------------------
Resolution: Fixed
> Users unable to delete own _users doc
> -------------------------------------
>
> Key: COUCHDB-1502
> URL: https://issues.apache.org/jira/browse/COUCHDB-1502
> Project: CouchDB
> Issue Type: Bug
> Affects Versions: 1.2
> Reporter: Robert Newson
> Assignee: Robert Newson
> Fix For: 1.2.1
>
>
> Since the introduction of system db security a user cannot delete their own _users doc. This is because we test that the "name" field of the updated document matches the userCtx. It doesn't in the case of a DELETE because the body only contains _id, _rev and _deleted.
> Changing the code to compare the username embedded in the doc _id instead is a fix.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira