Posted to commits@couchdb.apache.org by ja...@apache.org on 2019/07/20 18:23:49 UTC

[couchdb] branch access updated: fix access deletes

This is an automated email from the ASF dual-hosted git repository.

jan pushed a commit to branch access
in repository https://gitbox.apache.org/repos/asf/couchdb.git


The following commit(s) were added to refs/heads/access by this push:
     new 46a05de  fix access deletes
46a05de is described below

commit 46a05ded0fae2a556260890f1fa40340b457f72c
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Sat Jul 20 20:23:41 2019 +0200

    fix access deletes
---
 src/chttpd/src/chttpd_db.erl            | 19 +++++--------------
 src/couch/src/couch_db.erl              |  1 +
 src/couch/test/couchdb_access_tests.erl | 21 +++++++++++----------
 3 files changed, 17 insertions(+), 24 deletions(-)

diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl
index 3da628c..1044c0b 100644
--- a/src/chttpd/src/chttpd_db.erl
+++ b/src/chttpd/src/chttpd_db.erl
@@ -776,20 +776,11 @@ all_docs_view(Req, Db, Keys, OP) ->
 
 db_doc_req(#httpd{method='DELETE'}=Req, Db, DocId) ->
     % check for the existence of the doc to handle the 404 case.
-    #doc{body={OldDocProps}} = Doc = couch_doc_open(Db, DocId, nil, []),
-    NewProps0 = case chttpd:qs_value(Req, "rev") of
-    undefined ->
-        [{<<"_deleted">>,true}];
-    Rev ->
-        [{<<"_rev">>, ?l2b(Rev)},{<<"_deleted">>,true}]
-    end,
-    NewProps1 = case couch_util:get_value(<<"_access">>, OldDocProps) of
-    undefined ->
-        NewProps0;
-    Access ->
-        [{<<"_access">>, Access} | NewProps0]
-    end,
-    send_updated_doc(Req, Db, DocId, couch_doc_from_req(Req, DocId, {NewProps1}));
+    OldDoc = couch_doc_open(Db, DocId, nil, [{user_ctx, Req#httpd.user_ctx}]),
+    NewRevs = couch_doc:parse_rev(chttpd:qs_value(Req, "rev")),
+    NewBody = {[{<<"_deleted">>}, true]},
+    NewDoc = OldDoc#doc{revs=NewRevs, body=NewBody},
+    send_updated_doc(Req, Db, DocId, couch_doc_from_req(Req, DocId, NewDoc));
 
 db_doc_req(#httpd{method='GET', mochi_req=MochiReq}=Req, Db, DocId) ->
     #doc_query_args{
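Review bot: The new `NewBody = {[{<<"_deleted">>}, true]},` line builds a malformed body: the list holds a one-element tuple followed by the bare atom `true` instead of one key/value pair, so it should read `NewBody = {[{<<"_deleted">>, true}]},`. The rewrite also drops the `undefined` branch the removed code had, so `chttpd:qs_value(Req, "rev")` now goes straight into `couch_doc:parse_rev/1` and a DELETE without `?rev=` presumably fails during parsing; a guard for that case should stay. Neither the shape `parse_rev/1` returns for the `revs` field nor how the record's `deleted` flag gets set is visible in this hunk, and since the body no longer appears to go through JSON parsing, both are worth confirming. Passing the requester's `user_ctx` to `couch_doc_open` is what subjects the delete to the access check, so a one-line comment such as `% open as the requesting user so _access is enforced before the delete` would help the next reader.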
diff --git a/src/couch/src/couch_db.erl b/src/couch/src/couch_db.erl
index fb11ee2..9231800 100644
--- a/src/couch/src/couch_db.erl
+++ b/src/couch/src/couch_db.erl
@@ -732,6 +732,7 @@ validate_access1(_) -> throw({forbidden, <<"can't touch this">>}).
 
 
 check_access(Db, #doc{access=Access}=Doc) ->
+    % couch_log:info("~ncheck da access, Doc: ~p, Db: ~p~n", [Doc, Db]),
     check_access(Db, Access);
 check_access(Db, Access) ->
     #user_ctx{
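Review bot: The line added to the first clause of `check_access/2` is commented-out debug code and should be dropped rather than committed. If it were re-enabled as written, it would print the whole `Doc` and `Db` terms to the info log with `~p`, putting document contents and whatever the Db term carries (the next clause starts matching a `#user_ctx{}`, presumably taken from it) into log files. If a trace is wanted at this point, log only an identifier at debug level, e.g. `couch_log:debug("check_access doc=~s", [Doc#doc.id])`. The second clause of `check_access/2` continues past the end of this hunk.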
diff --git a/src/couch/test/couchdb_access_tests.erl b/src/couch/test/couchdb_access_tests.erl
index bd7370e..bba0da2 100644
--- a/src/couch/test/couchdb_access_tests.erl
+++ b/src/couch/test/couchdb_access_tests.erl
@@ -55,7 +55,7 @@ before_all() ->
     Couch.
 
 after_all(_) ->
-    test_util:stop_couch(done).
+    ok = test_util:stop_couch(done).
 
 access_test_() ->
     Tests = [
@@ -65,9 +65,9 @@ access_test_() ->
         fun should_let_admin_read_doc_with_access/2,
         fun user_with_access_can_read_doc/2,
         fun user_without_access_can_not_read_doc/2,
-        % fun should_let_admin_delete_doc_with_access/2,
-        % fun should_let_user_delete_doc_for_themselves/2,
-        % fun should_not_let_user_delete_doc_for_someone_else/2,
+        fun should_let_admin_delete_doc_with_access/2,
+        fun should_let_user_delete_doc_for_themselves/2,
+        fun should_not_let_user_delete_doc_for_someone_else/2,
         fun should_let_admin_fetch_all_docs/2,
         fun should_let_user_fetch_their_own_all_docs/2,
         fun should_let_admin_fetch_changes/2,
@@ -122,18 +122,19 @@ user_without_access_can_not_read_doc(_PortType, Url) ->
 % Doc deletes
 should_let_admin_delete_doc_with_access(_PortType, Url) ->
     {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
-    {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-967a00dff5e02add41819138abb3284d", ?ADMIN_REQ_HEADERS),
-    ?_assertEqual(200, Code).
+    {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5", ?ADMIN_REQ_HEADERS),
+    ?_assertEqual(201, Code).
 
 should_let_user_delete_doc_for_themselves(_PortType, Url) ->
     {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
-    {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-967a00dff5e02add41819138abb3284d"),
-    ?_assertEqual(200, Code).
+    {ok, _, _, _} = test_request:get(Url ++ "/db/a", ?USERX_REQ_HEADERS),
+    {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5", ?USERX_REQ_HEADERS),
+    ?_assertEqual(201, Code).
 
 should_not_let_user_delete_doc_for_someone_else(_PortType, Url) ->
     {ok, 201, _, _} = test_request:put(Url ++ "/db/a", ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
-    {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-967a00dff5e02add41819138abb3284d", ?USERY_REQ_HEADERS),
-    ?_assertEqual(401, Code).
+    {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5", ?USERY_REQ_HEADERS),
+    ?_assertEqual(403, Code).
 
 % _all_docs with include_docs
 should_let_admin_fetch_all_docs(_PortType, Url) ->
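Review bot: `should_not_let_user_delete_doc_for_someone_else` asserts only the 403 status, so it would still pass if the delete were applied and then reported as forbidden. Follow the DELETE with a read as the owner, e.g. `{ok, ReadCode, _, _} = test_request:get(Url ++ "/db/a", ?USERX_REQ_HEADERS),`, and assert `200` on it. In `should_let_user_delete_doc_for_themselves` the added GET discards its status (`{ok, _, _, _}`), so it verifies nothing; either match `200` there or remove the call. All three tests hard-code the rev `1-23202479633c2b380f79507a776743d5`, which had to be changed in this very commit; taking the rev from the PUT response would keep the tests from breaking whenever the stored document shape changes.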