You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@couchdb.apache.org by Rene Veerman <se...@gmail.com> on 2018/09/19 17:18:09 UTC

can't set permissions on databases from PHP, help will be much appreciated.

i'm trying to extend php-couchdb to allow it to set permissions on
databases in a couchdb, but have run into a snag..

thread for php-couchdb upgrade :
https://github.com/ibm-watson-data-lab/php-couchdb/issues/13
source-codes of my fork of couchdb :
https://gitlab.com/seductiveapps/seductiveapps/tree/master/seductiveapps/lib/vendor/ibm-watson-data-lab/php-couchdb
source-code for the script with which i use php-couchdb to (re-)initialize
my couchdb from PHP (which allows me to do it from anywhere, and that's
handy sometimes) :
https://gitlab.com/seductiveapps/seductiveapps/blob/master/seductiveapps/siteData/reInit.php
(starts at about line 190)

the two articles i found on couchdb permissions management :
(server-wide admins) :
https://medium.com/@eiri/couchdb-authorization-in-nutshell-5ae697fe9a
(database permissions) :
https://medium.com/@eiri/couchdb-authorization-in-a-database-58c8ee633c96

now, from the articles by @eiri, i can get and set the server-wide admins,
i can enter users into the _users couchdb database, but *i can't link these
users to become the sole admin of a database in couchdb*.

that error that is mentioned in the database permissions article,
i can't overcome it as described in the article...
here's the log:

CouchDB

adding a couchdb admin user "rene" :

string(84) "-pbkdf2-6d09918465d152e239bc57148d4817f0920a0f6b,ae5c5e8f805aae5bf48ff2d5e15bb845,10"

requesting a list of couchdb admin users:

array(2) {
  ["rene"]=>
  string(84) "-pbkdf2-9998f2b619af596e3184ea6766363bcbcb9ea6a7,a5f756a7a92ae6b232838af87f2607e5,10"
  ["admin"]=>
  string(84) "-pbkdf2-f309a6606c72f3a7977f427444bc0567379bcd3e,7a26b7ca5de19992686fdb9b2bd61e9f,10"
}
deleting any old databases entirely so they can be re-initialized
deleting db sa_tree
deleting db sa_tree__administrator
creating couchdb+seductiveapps user "Administrator"
creating couchdb+seductiveapps user "Guest"
creating and populating couchdb database sa_tree
creating and populating couchdb database sa_tree__administrator

*Fatal error*:  Uncaught GuzzleHttp\Exception\ServerException: Server
error: `PUT http://admin:****@localhost:5984/sa_tree__administrator/_security`
resulted in a `500 Internal Server Error` response:
{"error":"error","reason":"no_majority"}

 in /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113
Stack trace:
#0 /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Middleware.php(66):
GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request),
Object(GuzzleHttp\Psr7\Response))
#1 /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/promises/src/Promise.php(203):
GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response))
#2 /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/promises/src/Promise.php(156):
GuzzleHttp\Promise\Promise::callHandler(1,
Object(GuzzleHttp\Psr7\Response), Array)
#3 /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/p
in */home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php*
on line *113*


in the article, it's mentioned that this error message ("no_majority") is
wrong (somebody ought to fix that imho),
but that one can set these _security settings by using the credentials of a
couchdb admin.

that appears not to be the case, on my test system that is the latest
ubuntu.com with the latest couchdb (installed per instructions found on
couchdb.apache.org)

as you can see, it's already using a couchdb admin's credentials to do all
of these calls.

i've spied on Fauxton (localhost:5984/_utils), and even using less JSON
([2] instead of [1]) like Fauxton does, gets me the same results in PHP.

[1] $json = '{ "admins" : { "names" : [], "roles" : [] }, "members" : {
"names" : ["Administrator"], "roles" : [] } }';
[2] $json = '{ "members" : { "names" : ["Administrator"] } }';

this could be caused by couchdb, or by the PHP stack i use to get to
couchdb.
so i'm filing it both with the couchdb mailinglist and that thread for the
upgrade of php-couchdb (linked at the start of this thread),
so that hopefully someone can figure out what is causing this.
personally, i've run out of things to try. :(

Re: can't set permissions on databases from PHP, help will be much appreciated.

Posted by Rene Veerman <se...@gmail.com>.

fixed it :)

i was using the wrong parameter into one of the components used by
php-couchdb.
very happy i was able to solve this one in just a few minutes of course.

i've uploaded my improved sources to gitlab. links are in the opening post
of this thread.

thx for the help :)

On Fri, Sep 21, 2018 at 11:30 AM Rene Veerman <se...@gmail.com>
wrote:

> thanks.
>
> it did work via the command-line.
>
> rene@crow:~$ curl -X PUT $db/sa_tree__administrator/_security -d @-
> {
>     "admins": {
>         "names": [],
>         "roles": []
>     },
>     "members": {
>         "names": ["Administrator"],
>         "roles": []
>     }
> }
> {"ok":true}
>
>
> so i'll have to dig into that PHP stack.
>
>
> On Thu, Sep 20, 2018 at 1:50 AM Joan Touzet <wo...@apache.org> wrote:
>
>> Hi Rene,
>>
>> Usually the no_majority error means your _security object is invalid. See
>> this bug:
>>
>> https://github.com/apache/couchdb/issues/1384
>>
>> Are you able to re-do your example without PHP, from cURL and the command
>> line
>> directly, so we can rule out any PHP-specific bugs?
>>
>> -Joan
>>
>> ----- Original Message -----
>> From: "Rene Veerman" <se...@gmail.com>
>> To: user@couchdb.apache.org
>> Sent: Wednesday, September 19, 2018 1:18:09 PM
>> Subject: can't set permissions on databases from PHP, help will be much
>> appreciated.
>>
>> i'm trying to extend php-couchdb to allow it to set permissions on
>> databases in a couchdb, but have run into a snag..
>>
>> thread for php-couchdb upgrade :
>> https://github.com/ibm-watson-data-lab/php-couchdb/issues/13
>> source-codes of my fork of couchdb :
>>
>> https://gitlab.com/seductiveapps/seductiveapps/tree/master/seductiveapps/lib/vendor/ibm-watson-data-lab/php-couchdb
>> source-code
>> <https://gitlab.com/seductiveapps/seductiveapps/tree/master/seductiveapps/lib/vendor/ibm-watson-data-lab/php-couchdbsource-code>
>> for the script with which i use php-couchdb to (re-)initialize
>> my couchdb from PHP (which allows me to do it from anywhere, and that's
>> handy sometimes) :
>>
>> https://gitlab.com/seductiveapps/seductiveapps/blob/master/seductiveapps/siteData/reInit.php
>> (starts at about line 190)
>>
>> the two articles i found on couchdb permissions management :
>> (server-wide admins) :
>> https://medium.com/@eiri/couchdb-authorization-in-nutshell-5ae697fe9a
>> (database permissions) :
>> https://medium.com/@eiri/couchdb-authorization-in-a-database-58c8ee633c96
>>
>> now, from the articles by @eiri, i can get and set the server-wide admins,
>> i can enter users into the _users couchdb database, but *i can't link
>> these
>> users to become the sole admin of a database in couchdb*.
>>
>> that error that is mentioned in the database permissions article,
>> i can't overcome it as described in the article...
>> here's the log:
>>
>> CouchDB
>>
>> adding a couchdb admin user "rene" :
>>
>> string(84)
>> "-pbkdf2-6d09918465d152e239bc57148d4817f0920a0f6b,ae5c5e8f805aae5bf48ff2d5e15bb845,10"
>>
>> requesting a list of couchdb admin users:
>>
>> array(2) {
>>   ["rene"]=>
>>   string(84)
>> "-pbkdf2-9998f2b619af596e3184ea6766363bcbcb9ea6a7,a5f756a7a92ae6b232838af87f2607e5,10"
>>   ["admin"]=>
>>   string(84)
>> "-pbkdf2-f309a6606c72f3a7977f427444bc0567379bcd3e,7a26b7ca5de19992686fdb9b2bd61e9f,10"
>> }
>> deleting any old databases entirely so they can be re-initialized
>> deleting db sa_tree
>> deleting db sa_tree__administrator
>> creating couchdb+seductiveapps user "Administrator"
>> creating couchdb+seductiveapps user "Guest"
>> creating and populating couchdb database sa_tree
>> creating and populating couchdb database sa_tree__administrator
>>
>> *Fatal error*:  Uncaught GuzzleHttp\Exception\ServerException: Server
>> error: `PUT http://admin:
>> ****@localhost:5984/sa_tree__administrator/_security`
>> resulted in a `500 Internal Server Error` response:
>> {"error":"error","reason":"no_majority"}
>>
>>  in
>> /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113
>> Stack trace:
>> #0
>> /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Middleware.php(66):
>>
>> GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request),
>> Object(GuzzleHttp\Psr7\Response))
>> #1
>> /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/promises/src/Promise.php(203):
>>
>> GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response))
>> #2
>> /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/promises/src/Promise.php(156):
>> GuzzleHttp\Promise\Promise::callHandler(1,
>> Object(GuzzleHttp\Psr7\Response), Array)
>> #3 /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/p
>> in
>> */home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php*
>> on line *113*
>>
>>
>> in the article, it's mentioned that this error message ("no_majority") is
>> wrong (somebody ought to fix that imho),
>> but that one can set these _security settings by using the credentials of
>> a
>> couchdb admin.
>>
>> that appears not to be the case, on my test system that is the latest
>> ubuntu.com with the latest couchdb (installed per instructions found on
>> couchdb.apache.org)
>>
>> as you can see, it's already using a couchdb admin's credentials to do all
>> of these calls.
>>
>> i've spied on Fauxton (localhost:5984/_utils), and even using less JSON
>> ([2] instead of [1]) like Fauxton does, gets me the same results in PHP.
>>
>> [1] $json = '{ "admins" : { "names" : [], "roles" : [] }, "members" : {
>> "names" : ["Administrator"], "roles" : [] } }';
>> [2] $json = '{ "members" : { "names" : ["Administrator"] } }';
>>
>> this could be caused by couchdb, or by the PHP stack i use to get to
>> couchdb.
>> so i'm filing it both with the couchdb mailinglist and that thread for the
>> upgrade of php-couchdb (linked at the start of this thread),
>> so that hopefully someone can figure out what is causing this.
>> personally, i've run out of things to try. :(
>>
>

Re: can't set permissions on databases from PHP, help will be much appreciated.

Posted by Rene Veerman <se...@gmail.com>.

thanks.

it did work via the command-line.

rene@crow:~$ curl -X PUT $db/sa_tree__administrator/_security -d @-
{
    "admins": {
        "names": [],
        "roles": []
    },
    "members": {
        "names": ["Administrator"],
        "roles": []
    }
}
{"ok":true}


so i'll have to dig into that PHP stack.


On Thu, Sep 20, 2018 at 1:50 AM Joan Touzet <wo...@apache.org> wrote:

> Hi Rene,
>
> Usually the no_majority error means your _security object is invalid. See
> this bug:
>
> https://github.com/apache/couchdb/issues/1384
>
> Are you able to re-do your example without PHP, from cURL and the command
> line
> directly, so we can rule out any PHP-specific bugs?
>
> -Joan
>
> ----- Original Message -----
> From: "Rene Veerman" <se...@gmail.com>
> To: user@couchdb.apache.org
> Sent: Wednesday, September 19, 2018 1:18:09 PM
> Subject: can't set permissions on databases from PHP, help will be much
> appreciated.
>
> i'm trying to extend php-couchdb to allow it to set permissions on
> databases in a couchdb, but have run into a snag..
>
> thread for php-couchdb upgrade :
> https://github.com/ibm-watson-data-lab/php-couchdb/issues/13
> source-codes of my fork of couchdb :
>
> https://gitlab.com/seductiveapps/seductiveapps/tree/master/seductiveapps/lib/vendor/ibm-watson-data-lab/php-couchdb
> source-code
> <https://gitlab.com/seductiveapps/seductiveapps/tree/master/seductiveapps/lib/vendor/ibm-watson-data-lab/php-couchdbsource-code>
> for the script with which i use php-couchdb to (re-)initialize
> my couchdb from PHP (which allows me to do it from anywhere, and that's
> handy sometimes) :
>
> https://gitlab.com/seductiveapps/seductiveapps/blob/master/seductiveapps/siteData/reInit.php
> (starts at about line 190)
>
> the two articles i found on couchdb permissions management :
> (server-wide admins) :
> https://medium.com/@eiri/couchdb-authorization-in-nutshell-5ae697fe9a
> (database permissions) :
> https://medium.com/@eiri/couchdb-authorization-in-a-database-58c8ee633c96
>
> now, from the articles by @eiri, i can get and set the server-wide admins,
> i can enter users into the _users couchdb database, but *i can't link these
> users to become the sole admin of a database in couchdb*.
>
> that error that is mentioned in the database permissions article,
> i can't overcome it as described in the article...
> here's the log:
>
> CouchDB
>
> adding a couchdb admin user "rene" :
>
> string(84)
> "-pbkdf2-6d09918465d152e239bc57148d4817f0920a0f6b,ae5c5e8f805aae5bf48ff2d5e15bb845,10"
>
> requesting a list of couchdb admin users:
>
> array(2) {
>   ["rene"]=>
>   string(84)
> "-pbkdf2-9998f2b619af596e3184ea6766363bcbcb9ea6a7,a5f756a7a92ae6b232838af87f2607e5,10"
>   ["admin"]=>
>   string(84)
> "-pbkdf2-f309a6606c72f3a7977f427444bc0567379bcd3e,7a26b7ca5de19992686fdb9b2bd61e9f,10"
> }
> deleting any old databases entirely so they can be re-initialized
> deleting db sa_tree
> deleting db sa_tree__administrator
> creating couchdb+seductiveapps user "Administrator"
> creating couchdb+seductiveapps user "Guest"
> creating and populating couchdb database sa_tree
> creating and populating couchdb database sa_tree__administrator
>
> *Fatal error*:  Uncaught GuzzleHttp\Exception\ServerException: Server
> error: `PUT http://admin:
> ****@localhost:5984/sa_tree__administrator/_security`
> resulted in a `500 Internal Server Error` response:
> {"error":"error","reason":"no_majority"}
>
>  in
> /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113
> Stack trace:
> #0
> /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Middleware.php(66):
>
> GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request),
> Object(GuzzleHttp\Psr7\Response))
> #1
> /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/promises/src/Promise.php(203):
>
> GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response))
> #2
> /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/promises/src/Promise.php(156):
> GuzzleHttp\Promise\Promise::callHandler(1,
> Object(GuzzleHttp\Psr7\Response), Array)
> #3 /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/p
> in
> */home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php*
> on line *113*
>
>
> in the article, it's mentioned that this error message ("no_majority") is
> wrong (somebody ought to fix that imho),
> but that one can set these _security settings by using the credentials of a
> couchdb admin.
>
> that appears not to be the case, on my test system that is the latest
> ubuntu.com with the latest couchdb (installed per instructions found on
> couchdb.apache.org)
>
> as you can see, it's already using a couchdb admin's credentials to do all
> of these calls.
>
> i've spied on Fauxton (localhost:5984/_utils), and even using less JSON
> ([2] instead of [1]) like Fauxton does, gets me the same results in PHP.
>
> [1] $json = '{ "admins" : { "names" : [], "roles" : [] }, "members" : {
> "names" : ["Administrator"], "roles" : [] } }';
> [2] $json = '{ "members" : { "names" : ["Administrator"] } }';
>
> this could be caused by couchdb, or by the PHP stack i use to get to
> couchdb.
> so i'm filing it both with the couchdb mailinglist and that thread for the
> upgrade of php-couchdb (linked at the start of this thread),
> so that hopefully someone can figure out what is causing this.
> personally, i've run out of things to try. :(
>

Re: can't set permissions on databases from PHP, help will be much appreciated.

Posted by Joan Touzet <wo...@apache.org>.

Hi Rene,

Usually the no_majority error means your _security object is invalid. See this bug:

https://github.com/apache/couchdb/issues/1384

Are you able to re-do your example without PHP, from cURL and the command line
directly, so we can rule out any PHP-specific bugs?

-Joan

----- Original Message -----
From: "Rene Veerman" <se...@gmail.com>
To: user@couchdb.apache.org
Sent: Wednesday, September 19, 2018 1:18:09 PM
Subject: can't set permissions on databases from PHP, help will be much appreciated.

i'm trying to extend php-couchdb to allow it to set permissions on
databases in a couchdb, but have run into a snag..

thread for php-couchdb upgrade :
https://github.com/ibm-watson-data-lab/php-couchdb/issues/13
source-codes of my fork of couchdb :
https://gitlab.com/seductiveapps/seductiveapps/tree/master/seductiveapps/lib/vendor/ibm-watson-data-lab/php-couchdb
source-code for the script with which i use php-couchdb to (re-)initialize
my couchdb from PHP (which allows me to do it from anywhere, and that's
handy sometimes) :
https://gitlab.com/seductiveapps/seductiveapps/blob/master/seductiveapps/siteData/reInit.php
(starts at about line 190)

the two articles i found on couchdb permissions management :
(server-wide admins) :
https://medium.com/@eiri/couchdb-authorization-in-nutshell-5ae697fe9a
(database permissions) :
https://medium.com/@eiri/couchdb-authorization-in-a-database-58c8ee633c96

now, from the articles by @eiri, i can get and set the server-wide admins,
i can enter users into the _users couchdb database, but *i can't link these
users to become the sole admin of a database in couchdb*.

that error that is mentioned in the database permissions article,
i can't overcome it as described in the article...
here's the log:

CouchDB

adding a couchdb admin user "rene" :

string(84) "-pbkdf2-6d09918465d152e239bc57148d4817f0920a0f6b,ae5c5e8f805aae5bf48ff2d5e15bb845,10"

requesting a list of couchdb admin users:

array(2) {
  ["rene"]=>
  string(84) "-pbkdf2-9998f2b619af596e3184ea6766363bcbcb9ea6a7,a5f756a7a92ae6b232838af87f2607e5,10"
  ["admin"]=>
  string(84) "-pbkdf2-f309a6606c72f3a7977f427444bc0567379bcd3e,7a26b7ca5de19992686fdb9b2bd61e9f,10"
}
deleting any old databases entirely so they can be re-initialized
deleting db sa_tree
deleting db sa_tree__administrator
creating couchdb+seductiveapps user "Administrator"
creating couchdb+seductiveapps user "Guest"
creating and populating couchdb database sa_tree
creating and populating couchdb database sa_tree__administrator

*Fatal error*:  Uncaught GuzzleHttp\Exception\ServerException: Server
error: `PUT http://admin:****@localhost:5984/sa_tree__administrator/_security`
resulted in a `500 Internal Server Error` response:
{"error":"error","reason":"no_majority"}

 in /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113
Stack trace:
#0 /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Middleware.php(66):
GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request),
Object(GuzzleHttp\Psr7\Response))
#1 /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/promises/src/Promise.php(203):
GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response))
#2 /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/promises/src/Promise.php(156):
GuzzleHttp\Promise\Promise::callHandler(1,
Object(GuzzleHttp\Psr7\Response), Array)
#3 /home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/p
in */home/rene/data1/htdocs/localhost/seductiveapps/lib/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php*
on line *113*


in the article, it's mentioned that this error message ("no_majority") is
wrong (somebody ought to fix that imho),
but that one can set these _security settings by using the credentials of a
couchdb admin.

that appears not to be the case, on my test system that is the latest
ubuntu.com with the latest couchdb (installed per instructions found on
couchdb.apache.org)

as you can see, it's already using a couchdb admin's credentials to do all
of these calls.

i've spied on Fauxton (localhost:5984/_utils), and even using less JSON
([2] instead of [1]) like Fauxton does, gets me the same results in PHP.

[1] $json = '{ "admins" : { "names" : [], "roles" : [] }, "members" : {
"names" : ["Administrator"], "roles" : [] } }';
[2] $json = '{ "members" : { "names" : ["Administrator"] } }';

this could be caused by couchdb, or by the PHP stack i use to get to
couchdb.
so i'm filing it both with the couchdb mailinglist and that thread for the
upgrade of php-couchdb (linked at the start of this thread),
so that hopefully someone can figure out what is causing this.
personally, i've run out of things to try. :(