Posted to commits@couchdb.apache.org by ja...@apache.org on 2012/02/21 20:20:22 UTC

[2/2] git commit: make /_users/_changes admin-only

make /_users/_changes admin-only


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6dc94249
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6dc94249
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6dc94249

Branch: refs/heads/master
Commit: 6dc942496a9c0f2c829ba23c193d3c3668b7068e
Parents: 64c9416
Author: Jan Lehnardt <ja...@apache.org>
Authored: Thu Feb 16 16:36:42 2012 +0100
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Tue Feb 21 20:20:05 2012 +0100

----------------------------------------------------------------------
 share/www/script/test/users_db_security.js |   24 +++++++++++++++++++++++
 src/couchdb/couch_httpd_db.erl             |    1 +
 2 files changed, 25 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/6dc94249/share/www/script/test/users_db_security.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/users_db_security.js b/share/www/script/test/users_db_security.js
index 9735d6b..75a4dfa 100644
--- a/share/www/script/test/users_db_security.js
+++ b/share/www/script/test/users_db_security.js
@@ -58,6 +58,18 @@ couchTests.users_db_security = function(debug) {
     }
   };
 
+  var changes_as = function(db, username)
+  {
+    loginUser(username);
+    try {
+      return db.changes();
+    } catch(ex) {
+      return ex;
+    } finally {
+      CouchDB.logout();
+    }
+  };
+
   var testFun = function()
   {
     usersDb.deleteDb();
@@ -96,10 +108,22 @@ couchTests.users_db_security = function(debug) {
       var res = usersDb.open("org.couchdb.user:jchris");
       TEquals(null, res, "anonymous user doc read should be not found");
 
+      // anonymous should not be able to read /_users/_changes
+      try {
+        var ch = usersDb.changes();
+        T(false, "anonymous can read _changes");
+      } catch(e) {
+        TEquals("unauthorized", e.error, "anoymous can't read _changes");
+      }
+
       // user should be able to read their own document
       var jchrisDoc = open_as(usersDb, "org.couchdb.user:jchris", "jchris");
       TEquals("org.couchdb.user:jchris", jchrisDoc._id);
 
+      // user should not be able to read /_users/_changes
+      var changes = changes_as(usersDb, "jchris");
+      TEquals("unauthorized", changes.error, "user can't read _changes");
+
       // new 'password' fields should trigger new hashing routine
       jchrisDoc.password = "couch";
 
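Review bot: The new assertions only cover the denied cases on the users database. Nothing in this hunk checks that an admin can still read `/_users/_changes`, or that `_changes` on an ordinary database stays readable for a non-admin, so a server-side check that is broader than intended would still pass this test. Consider adding one positive case of each kind next to the `changes_as(usersDb, "jchris")` call. The assertion message in the anonymous block also has a typo: `"anoymous can't read _changes"` should be `"anonymous can't read _changes"`. `testFun` continues outside the hunk, so such cases may already exist elsewhere in the file.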

http://git-wip-us.apache.org/repos/asf/couchdb/blob/6dc94249/src/couchdb/couch_httpd_db.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl
index f669643..bba9b7c 100644
--- a/src/couchdb/couch_httpd_db.erl
+++ b/src/couchdb/couch_httpd_db.erl
@@ -64,6 +64,7 @@ handle_changes_req(#httpd{path_parts=[_,<<"_changes">>]}=Req, _Db) ->
     send_method_not_allowed(Req, "GET,HEAD,POST").
 
 handle_changes_req1(Req, Db) ->
+    ok = couch_db:check_is_admin(Db),
     MakeCallback = fun(Resp) ->
         fun({change, Change, _}, "continuous") ->
             send_chunk(Resp, [?JSON_ENCODE(Change) | "\n"]);
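Review bot: The added `ok = couch_db:check_is_admin(Db)` is the first statement of `handle_changes_req1/2` and is not conditioned on which database is being read. As far as this hunk shows, that makes `_changes` admin-only on every database, not only `/_users` as the commit title states. The check should run only when the database is the configured authentication database, leaving the feed on other databases as it was. The function body continues past the end of the hunk, so the fence shows only the function head and the scoped guard.

```erlang
handle_changes_req1(Req, #db{name=DbName}=Db) ->
    AuthDbName = ?l2b(couch_config:get("couch_httpd_auth", "authentication_db")),
    case AuthDbName of
    DbName ->
        % _changes on the authentication database is admin-only
        ok = couch_db:check_is_admin(Db);
    _Other ->
        % other databases keep their existing read rules
        ok
    end,
    % … unchanged: MakeCallback and the rest of the body …
```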