Posted to commits@couchdb.apache.org by ja...@apache.org on 2022/08/06 14:10:50 UTC
[couchdb] 04/21: feat(access): add new _users role for all authenticated users
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch feat/access-2022
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 48c1c1d0a32131febac84aa6071e67a18b8cbd06
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Fri Jun 24 17:13:25 2022 +0200
feat(access): add new _users role for all authenticated users
---
src/couch/src/couch_httpd_auth.erl | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index c74ca9bd8..d7bb7b519 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -99,6 +99,13 @@ basic_name_pw(Req) ->
nil
end.
+extract_roles(UserProps) ->
+ Roles = couch_util:get_value(<<"roles">>, UserProps, []),
+ case lists:member(<<"_admin">>, Roles) of
+ true -> Roles;
+ _ -> Roles ++ [<<"_users">>]
+ end.
+
default_authentication_handler(Req) ->
default_authentication_handler(Req, couch_auth_cache).
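Review bot: extract_roles/1 has no comment or -spec explaining why a user whose stored roles include `_admin` is left without `_users`, and any access check keyed on this role would depend on that rule. I would add `%% Every authenticated non-admin user gets the implicit <<"_users">> role; admin role lists are returned unchanged.` above the function, once the exclusion is confirmed as intended. The `_ ->` clause on the result of lists:member/2 would read better as `false ->`, since the call can only return a boolean. A stored role list that already contains `<<"_users">>` ends up with the role twice; a membership check before appending would avoid that.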
@@ -117,7 +124,7 @@ default_authentication_handler(Req, AuthModule) ->
Req#httpd{
user_ctx = #user_ctx{
name = UserName,
- roles = couch_util:get_value(<<"roles">>, UserProps, [])
+ roles = extract_roles(UserProps)
}
};
false ->
@@ -189,7 +196,7 @@ proxy_auth_user(Req) ->
Roles =
case header_value(Req, XHeaderRoles) of
undefined -> [];
- Else -> re:split(Else, "\\s*,\\s*", [trim, {return, binary}])
+ Else -> [<<"_users">> | re:split(Else, "\\s*,\\s*", [trim, {return, binary}])]
end,
case
chttpd_util:get_chttpd_auth_config_boolean(
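Review bot: In proxy_auth_user the `undefined -> []` branch still yields an empty role list, so a proxy-authenticated user whose request carries no roles header gets no `_users` role, while one that sends the header does. If the role is meant to cover every authenticated user, as the commit title says, that branch should be `undefined -> [<<"_users">>];`. The header branch also prepends `_users` unconditionally, whereas extract_roles skips it when `_admin` is present, so the two paths disagree for admins; routing both through one helper would keep them aligned. The role list is built before the `case` that follows, whose body lies outside this hunk, so I cannot confirm from here that it is only used after the proxy token check.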
@@ -326,9 +333,7 @@ cookie_authentication_handler(#httpd{mochi_req = MochiReq} = Req, AuthModule) ->
Req#httpd{
user_ctx = #user_ctx{
name = ?l2b(User),
- roles = couch_util:get_value(
- <<"roles">>, UserProps, []
- )
+ roles = extract_roles(UserProps)
},
auth = {FullSecret, TimeLeft < Timeout * 0.9}
};
@@ -449,7 +454,7 @@ handle_session_req(#httpd{method = 'POST', mochi_req = MochiReq} = Req, AuthModu
{[
{ok, true},
{name, UserName},
- {roles, couch_util:get_value(<<"roles">>, UserProps, [])}
+ {roles, extract_roles(UserProps)}
]}
);
false ->