Posted to commits@couchdb.apache.org by jc...@apache.org on 2010/04/07 22:00:41 UTC
svn commit: r931661 - in /couchdb/branches/0.11.x: ./ etc/default/couchdb
share/www/script/test/reader_acl.js src/couchdb/couch_db.erl
src/couchdb/couch_httpd_view.erl
Author: jchris
Date: Wed Apr 7 20:00:40 2010
New Revision: 931661
URL: http://svn.apache.org/viewvc?rev=931661&view=rev
Log:
backport 931655 from trunk -- temp_views are admin-only
Modified:
couchdb/branches/0.11.x/ (props changed)
couchdb/branches/0.11.x/etc/default/couchdb (props changed)
couchdb/branches/0.11.x/share/www/script/test/reader_acl.js
couchdb/branches/0.11.x/src/couchdb/couch_db.erl
couchdb/branches/0.11.x/src/couchdb/couch_httpd_view.erl
Propchange: couchdb/branches/0.11.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Apr 7 20:00:40 2010
@@ -6,4 +6,4 @@
/couchdb/branches/list-iterator:782292-784593
/couchdb/branches/tail_header:775760-778477
/couchdb/tags/0.10.0:825400
-/couchdb/trunk:909247,910054,910696,910910-910911,911544,911559,911578,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264
+/couchdb/trunk:909247,910054,910696,910910-910911,911544,911559,911578,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655
Propchange: couchdb/branches/0.11.x/etc/default/couchdb
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Apr 7 20:00:40 2010
@@ -6,5 +6,5 @@
/couchdb/branches/list-iterator/etc/default/couchdb:782292-784593
/couchdb/branches/tail_header/etc/default/couchdb:775760-778477
/couchdb/tags/0.10.0/etc/default/couchdb:825400
-/couchdb/trunk/etc/default/couchdb:909247,910054,910696,911544,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264
+/couchdb/trunk/etc/default/couchdb:909247,910054,910696,911544,911602,911717,911837,912474,912606,912608,912615,912636,915526,915529-915530,915827,916076,916153,916518,916521,917553,918855,919193,921707,923526,925264,931655
/incubator/couchdb/trunk/etc/default/couchdb:642419-694440
Modified: couchdb/branches/0.11.x/share/www/script/test/reader_acl.js
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/share/www/script/test/reader_acl.js?rev=931661&r1=931660&r2=931661&view=diff
==============================================================================
--- couchdb/branches/0.11.x/share/www/script/test/reader_acl.js (original)
+++ couchdb/branches/0.11.x/share/www/script/test/reader_acl.js Wed Apr 7 20:00:40 2010
@@ -72,10 +72,17 @@ couchTests.reader_acl = function(debug)
}
}).ok);
+
T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+ // db admin can read
T(secretDb.open("baz").foo == "bar");
+ // and run temp views
+ TEquals(secretDb.query(function(doc) {
+ emit(null, null)
+ }).total_rows, 1);
+
CouchDB.logout();
T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1);
@@ -116,6 +123,17 @@ couchTests.reader_acl = function(debug)
// readers can query stored views
T(secretDb.view("foo/bar").total_rows == 1);
+ // readers can't do temp views
+ try {
+ var results = secretDb.query(function(doc) {
+ emit(null, null);
+ });
+ T(false && "temp view should be admin only");
+ } catch (e) {
+ T(true && "temp view is admin only");
+ }
+
+
CouchDB.logout();
// can't set non string reader names or roles
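Review bot: The `catch (e)` branch of the new "readers can't do temp views" test accepts any exception, so a failure unrelated to authorization (a server error, a dropped connection) would still pass as "temp view is admin only". Assert on the caught error instead, for example `T(e.error == "unauthorized");`; the exact error name is an assumption here and should be confirmed against what `couch_db:check_is_admin/1` raises. If `T` throws on a failed assertion in any runner, the `T(false && ...)` inside the `try` would also be swallowed by the same catch, so it is safer to record the outcome in a flag and assert on it after the try/catch. `var results` is never read and can be dropped.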
Modified: couchdb/branches/0.11.x/src/couchdb/couch_db.erl
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/src/couchdb/couch_db.erl?rev=931661&r1=931660&r2=931661&view=diff
==============================================================================
--- couchdb/branches/0.11.x/src/couchdb/couch_db.erl (original)
+++ couchdb/branches/0.11.x/src/couchdb/couch_db.erl Wed Apr 7 20:00:40 2010
@@ -26,6 +26,7 @@
-export([set_security/2,get_security/1]).
-export([init/1,terminate/2,handle_call/3,handle_cast/2,code_change/3,handle_info/2]).
-export([changes_since/5,changes_since/6,read_doc/2,new_revid/1]).
+-export([check_is_admin/1, check_is_reader/1]).
-include("couch_db.hrl").
Modified: couchdb/branches/0.11.x/src/couchdb/couch_httpd_view.erl
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/src/couchdb/couch_httpd_view.erl?rev=931661&r1=931660&r2=931661&view=diff
==============================================================================
--- couchdb/branches/0.11.x/src/couchdb/couch_httpd_view.erl (original)
+++ couchdb/branches/0.11.x/src/couchdb/couch_httpd_view.erl Wed Apr 7 20:00:40 2010
@@ -75,6 +75,7 @@ handle_view_req(Req, _Db, _DDoc) ->
send_method_not_allowed(Req, "GET,POST,HEAD").
handle_temp_view_req(#httpd{method='POST'}=Req, Db) ->
+ ok = couch_db:check_is_admin(Db),
couch_stats_collector:increment({httpd, temporary_view_reads}),
{Props} = couch_httpd:json_body_obj(Req),
Language = proplists:get_value(<<"language">>, Props, <<"javascript">>),
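Review bot: The new `ok = couch_db:check_is_admin(Db)` guard in the POST clause of `handle_temp_view_req` has no comment saying why temp views are restricted. A line above it such as `% temp views run caller-supplied map code over the whole db: db/server admins only` would make it less likely that a later refactor drops the check. Because the check runs before `couch_stats_collector:increment/1`, rejected requests are not counted in `temporary_view_reads`, and whether a denied attempt is logged anywhere is not visible in this hunk, so confirm that for monitoring. The function body continues past the end of the hunk and only the POST clause is shown, so check that no other clause reaches view execution without the same guard.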