You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2016/05/16 15:58:58 UTC

[2/2] chttpd commit: updated refs/heads/master to f3d5d1b

restore 1.x _users and _replicator behaviour

COUCHDB-2991


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/f3d5d1b0
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/f3d5d1b0
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/f3d5d1b0

Branch: refs/heads/master
Commit: f3d5d1b0cd8eda814805b5a7290892ee0b3a73ab
Parents: 8dab8f8
Author: Jan Lehnardt <ja...@apache.org>
Authored: Mon May 16 13:01:04 2016 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Mon May 16 17:58:17 2016 +0200

----------------------------------------------------------------------
 src/chttpd_auth_request.erl | 8 ++++++++
 1 file changed, 8 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/f3d5d1b0/src/chttpd_auth_request.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_auth_request.erl b/src/chttpd_auth_request.erl
index b05c91f..90176c8 100644
--- a/src/chttpd_auth_request.erl
+++ b/src/chttpd_auth_request.erl
@@ -39,12 +39,20 @@ authorize_request_int(#httpd{path_parts=[<<"_replicator">>], method='PUT'}=Req)
     require_admin(Req);
 authorize_request_int(#httpd{path_parts=[<<"_replicator">>], method='DELETE'}=Req) ->
     require_admin(Req);
+authorize_request_int(#httpd{path_parts=[<<"_replicator">>,<<"_all_docs">>|_]}=Req) ->
+    require_admin(Req);
+authorize_request_int(#httpd{path_parts=[<<"_replicator">>,<<"_changes">>|_]}=Req) ->
+    require_admin(Req);
 authorize_request_int(#httpd{path_parts=[<<"_replicator">>|_]}=Req) ->
     db_authorization_check(Req);
 authorize_request_int(#httpd{path_parts=[<<"_users">>], method='PUT'}=Req) ->
     require_admin(Req);
 authorize_request_int(#httpd{path_parts=[<<"_users">>], method='DELETE'}=Req) ->
     require_admin(Req);
+authorize_request_int(#httpd{path_parts=[<<"_users">>,<<"_all_docs">>|_]}=Req) ->
+    require_admin(Req);
+authorize_request_int(#httpd{path_parts=[<<"_users">>,<<"_changes">>|_]}=Req) ->
+    require_admin(Req);
 authorize_request_int(#httpd{path_parts=[<<"_users">>|_]}=Req) ->
     db_authorization_check(Req);
 authorize_request_int(#httpd{path_parts=[<<"_", _/binary>>|_]}=Req) ->