You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by mi...@apache.org on 2015/07/15 12:20:27 UTC

[2/2] fabric commit: updated refs/heads/master to 3c204d0

Restrict views in the authentication DB to admins

This commit teaches fabric to restrict access to views in the
authentication DB to administrators by calling through to
couch_db_users:after_doc_read/2 after the design doc is read.

COUCHDB-2738

This closes #23


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fabric/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fabric/commit/3c204d00
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fabric/tree/3c204d00
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fabric/diff/3c204d00

Branch: refs/heads/master
Commit: 3c204d00967318d14d767316c14639d1ba8f1d23
Parents: c30665d
Author: Mike Wallace <mi...@apache.org>
Authored: Wed Jul 15 10:54:05 2015 +0100
Committer: Mike Wallace <mi...@apache.org>
Committed: Wed Jul 15 11:16:30 2015 +0100

----------------------------------------------------------------------
 src/fabric.erl | 8 ++++++++
 1 file changed, 8 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-fabric/blob/3c204d00/src/fabric.erl
----------------------------------------------------------------------
diff --git a/src/fabric.erl b/src/fabric.erl
index c3a95fb..c1e0cd5 100644
--- a/src/fabric.erl
+++ b/src/fabric.erl
@@ -315,6 +315,14 @@ query_view(Db, GroupId, ViewName, Callback, Acc0, QueryArgs)
     query_view(DbName, DDoc, ViewName, Callback, Acc0, QueryArgs);
 query_view(DbName, DDoc, ViewName, Callback, Acc0, QueryArgs0) ->
     Db = dbname(DbName), View = name(ViewName),
+    case fabric_util:is_users_db(Db) of
+    true ->
+        Req = Acc0#vacc.req,
+        FakeDb = fabric_util:fake_db([{user_ctx, Req#httpd.user_ctx}]),
+        couch_users_db:after_doc_read(DDoc, FakeDb);
+    false ->
+        ok
+    end,
     {ok, #mrst{views=Views, language=Lang}} =
         couch_mrview_util:ddoc_to_mrst(Db, DDoc),
     QueryArgs1 = couch_mrview_util:set_view_type(QueryArgs0, View, Views),