You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2022/08/06 13:43:55 UTC
[couchdb] branch feat/access-2022 updated (ee10ea60f -> 1d12525ac)
This is an automated email from the ASF dual-hosted git repository.
jan pushed a change to branch feat/access-2022
in repository https://gitbox.apache.org/repos/asf/couchdb.git
from ee10ea60f feat(access): add access handling to fabric
new a6e3c655f feat(access): additional test fixes
new 8ca15ed22 fix: make tests pass again
new 17ec65823 feat(access): add global off switch
new 7c6068109 doc(access): leave todo for missing implementation detail
new 8dbba7afc chore(access): remove old comment
new 6f60d904a fix(access): use minimal info from prev rev
new 1d12525ac chore(access): style notes
The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
rel/overlay/etc/default.ini | 4 +
src/chttpd/src/chttpd_db.erl | 25 +-
src/couch/src/couch_bt_engine.erl | 14 +-
src/couch/src/couch_changes.erl | 3 +
src/couch/src/couch_db.erl | 15 +-
src/couch/src/couch_db_updater.erl | 21 +-
src/couch/src/couch_doc.erl | 9 +-
src/couch/src/couch_httpd_auth.erl | 4 +-
src/couch/test/eunit/couchdb_access_tests.erl | 1040 ++++++++++++++++++++
.../test/eunit/couchdb_update_conflicts_tests.erl | 4 +-
src/couch_index/src/couch_index_util.erl | 5 +-
src/custodian/src/custodian_util.erl | 3 +-
src/fabric/src/fabric_doc_update.erl | 33 +-
src/mem3/src/mem3_shards.erl | 1 +
test/elixir/test/cookie_auth_test.exs | 2 +-
test/elixir/test/security_validation_test.exs | 2 +-
test/javascript/tests/security_validation.js | 2 +-
17 files changed, 1130 insertions(+), 57 deletions(-)
[couchdb] 07/07: chore(access): style notes
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch feat/access-2022
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 1d12525ac4534bf6974e4aa8681d4174502e2759
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Sat Aug 6 15:39:05 2022 +0200
chore(access): style notes
---
src/couch/src/couch_db_updater.erl | 2 +-
src/couch/src/couch_httpd_auth.erl | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/couch/src/couch_db_updater.erl b/src/couch/src/couch_db_updater.erl
index 59de1fb0f..d491c0bbb 100644
--- a/src/couch/src/couch_db_updater.erl
+++ b/src/couch/src/couch_db_updater.erl
@@ -825,7 +825,7 @@ validate_docs_access(Db, UserCtx, [Docs | DocRest], [OldInfo | OldInfoRest], Doc
true -> % if valid, then send to DocsListValidated, OldDocsInfo
% and store the access context on the new doc
[{Client, Doc} | Acc];
- _Else2 -> % if invalid, then send_result tagged `access`(c.f. `conflict)
+ false -> % if invalid, then send_result tagged `access`(c.f. `conflict)
% and don’t add to DLV, nor ODI
send_result(Client, Doc, access),
Acc
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index eb3a1936f..25d6a8518 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -103,7 +103,7 @@ extract_roles(UserProps) ->
Roles = couch_util:get_value(<<"roles">>, UserProps, []),
case lists:member(<<"_admin">>, Roles) of
true -> Roles;
- _ -> Roles ++ [<<"_users">>]
+ _ -> [<<"_users">> | Roles]
end.
default_authentication_handler(Req) ->
@@ -196,7 +196,7 @@ proxy_auth_user(Req) ->
Roles =
case header_value(Req, XHeaderRoles) of
undefined -> [];
- Else -> [?l2b(R) || R <- string:tokens(Else, ",")] ++ [<<"_users">>]
+ Else -> [?l2b(R) || R <- [<<"_users">> | string:tokens(Else, ",")]]
end,
case
chttpd_util:get_chttpd_auth_config_boolean(
[couchdb] 04/07: doc(access): leave todo for missing implementation detail
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch feat/access-2022
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 7c6068109da3c6940ca88abc50bd15fc2ad2b181
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Sat Aug 6 12:52:17 2022 +0200
doc(access): leave todo for missing implementation detail
---
src/couch/src/couch_db.erl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/couch/src/couch_db.erl b/src/couch/src/couch_db.erl
index ead703445..dbe659991 100644
--- a/src/couch/src/couch_db.erl
+++ b/src/couch/src/couch_db.erl
@@ -811,6 +811,8 @@ validate_access1(true, Db, #doc{meta=Meta}=Doc, Options) ->
_False -> validate_access2(Db, Doc)
end;
_Else -> % only admins can read conflicted docs in _access dbs
+ % TODO: expand: if leaves agree on _access, then a user should be able
+ % to proceed normally, only if they disagree should this become admin-only
case is_admin(Db) of
true -> ok;
_Else2 -> throw({forbidden, <<"document is in conflict">>})
[couchdb] 03/07: feat(access): add global off switch
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch feat/access-2022
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 17ec65823276c573dd527bd0907763edbc40ae97
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Sat Aug 6 12:48:36 2022 +0200
feat(access): add global off switch
---
rel/overlay/etc/default.ini | 4 ++++
src/chttpd/src/chttpd_db.erl | 9 +++++++--
src/couch/test/eunit/couchdb_access_tests.erl | 1 +
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index cefd9e493..6888f6fad 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -328,6 +328,10 @@ authentication_db = _users
; max_iterations, password_scheme, password_regexp, proxy_use_secret,
; public_fields, secret, users_db_public, cookie_domain, same_site
+; Per document access settings
+[per_doc_access]
+;enabled = false
+
; CSP (Content Security Policy) Support
[csp]
;utils_enable = true
diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl
index e07b58223..58c801829 100644
--- a/src/chttpd/src/chttpd_db.erl
+++ b/src/chttpd/src/chttpd_db.erl
@@ -2084,9 +2084,14 @@ parse_shards_opt("placement", Req, Default) ->
parse_shards_opt("access", Req, Value) when is_list(Value) ->
parse_shards_opt("access", Req, list_to_existing_atom(Value));
parse_shards_opt("access", _Req, Value) when is_boolean(Value) ->
- Value;
+ case config:get_boolean("per_doc_access", "enabled", false) of
+ true -> Value;
+ false ->
+ Err = ?l2b(["The `access` is not available on this CouchDB installation."]),
+ throw({bad_request, Err})
+ end;
parse_shards_opt("access", _Req, _Value) ->
- Err = ?l2b(["The woopass `access` value should be a boolean."]),
+ Err = ?l2b(["The `access` value should be a boolean."]),
throw({bad_request, Err});
parse_shards_opt(Param, Req, Default) ->
diff --git a/src/couch/test/eunit/couchdb_access_tests.erl b/src/couch/test/eunit/couchdb_access_tests.erl
index 28f27ea72..1b656499c 100644
--- a/src/couch/test/eunit/couchdb_access_tests.erl
+++ b/src/couch/test/eunit/couchdb_access_tests.erl
@@ -46,6 +46,7 @@ before_all() ->
ok = config:set("admins", "a", binary_to_list(Hashed), _Persist=false),
ok = config:set("couchdb", "uuid", "21ac467c1bc05e9d9e9d2d850bb1108f", _Persist=false),
ok = config:set("log", "level", "debug", _Persist=false),
+ ok = config:set("per_doc_access", "enabled", "true", _Persist=false),
% cleanup and setup
{ok, _, _, _} = test_request:delete(url() ++ "/db", ?ADMIN_REQ_HEADERS),
[couchdb] 06/07: fix(access): use minimal info from prev rev
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch feat/access-2022
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 6f60d904a3523365542532ed1c290c945744d421
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Sat Aug 6 15:35:24 2022 +0200
fix(access): use minimal info from prev rev
---
src/chttpd/src/chttpd_db.erl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl
index 58c801829..81505333d 100644
--- a/src/chttpd/src/chttpd_db.erl
+++ b/src/chttpd/src/chttpd_db.erl
@@ -1047,7 +1047,7 @@ db_doc_req(#httpd{method = 'DELETE'} = Req, Db, DocId) ->
Rev ->
Body = {[{<<"_rev">>, ?l2b(Rev)}, {<<"_deleted">>, true}]}
end,
- Doc = Doc0#doc{revs=Revs,body=Body,deleted=true},
+ Doc = #doc{revs=Revs,body=Body,deleted=true,access=Doc0#doc.access},
send_updated_doc(Req, Db, DocId, couch_doc_from_req(Req, Db, DocId, Doc));
db_doc_req(#httpd{method = 'GET', mochi_req = MochiReq} = Req, Db, DocId) ->
#doc_query_args{
[couchdb] 01/07: feat(access): additional test fixes
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch feat/access-2022
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit a6e3c655fcbcbb5616430b19bfb6e6ab8be480c9
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Mon Jun 27 11:14:49 2022 +0200
feat(access): additional test fixes
---
test/elixir/test/cookie_auth_test.exs | 2 +-
test/elixir/test/security_validation_test.exs | 2 +-
test/javascript/tests/security_validation.js | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/elixir/test/cookie_auth_test.exs b/test/elixir/test/cookie_auth_test.exs
index 6e42963f0..223a778fb 100644
--- a/test/elixir/test/cookie_auth_test.exs
+++ b/test/elixir/test/cookie_auth_test.exs
@@ -318,7 +318,7 @@ defmodule CookieAuthTest do
session = login("jchris", "funnybone")
info = Couch.Session.info(session)
assert info["userCtx"]["name"] == "jchris"
- assert Enum.empty?(info["userCtx"]["roles"])
+ assert info["userCtx"]["roles"] == ["_users"]
jason_user_doc =
jason_user_doc
diff --git a/test/elixir/test/security_validation_test.exs b/test/elixir/test/security_validation_test.exs
index adc282a9e..2bb87fd83 100644
--- a/test/elixir/test/security_validation_test.exs
+++ b/test/elixir/test/security_validation_test.exs
@@ -149,7 +149,7 @@ defmodule SecurityValidationTest do
headers = @auth_headers[:jerry]
resp = Couch.get("/_session", headers: headers)
assert resp.body["userCtx"]["name"] == "jerry"
- assert resp.body["userCtx"]["roles"] == []
+ assert info["userCtx"]["roles"] == ["_users"]
end
@tag :with_db
diff --git a/test/javascript/tests/security_validation.js b/test/javascript/tests/security_validation.js
index 365f716e6..b254a17bb 100644
--- a/test/javascript/tests/security_validation.js
+++ b/test/javascript/tests/security_validation.js
@@ -131,7 +131,7 @@ couchTests.security_validation = function(debug) {
var user = JSON.parse(resp.responseText).userCtx;
T(user.name == "jerry");
// test that the roles are listed properly
- TEquals(user.roles, []);
+ TEquals(["_users"], user.roles);
// update the document
[couchdb] 05/07: chore(access): remove old comment
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch feat/access-2022
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 8dbba7afc76ca8de6a9a876452705edecc4befa2
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Sat Aug 6 12:54:23 2022 +0200
chore(access): remove old comment
---
src/couch/src/couch_db_updater.erl | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/couch/src/couch_db_updater.erl b/src/couch/src/couch_db_updater.erl
index ce01eaeef..59de1fb0f 100644
--- a/src/couch/src/couch_db_updater.erl
+++ b/src/couch/src/couch_db_updater.erl
@@ -792,11 +792,6 @@ update_docs_int(Db, DocsList, LocalDocs, MergeConflicts, UserCtx) ->
% at this point, we already validated this Db is access enabled, so do the checks right away.
check_access(Db, UserCtx, Access) -> couch_db:check_access(Db#db{user_ctx=UserCtx}, Access).
-% TODO: looks like we go into validation here unconditionally and only check in
-% check_access() whether the Db has_access_enabled(), we should do this
-% here on the outside. Might be our perf issue.
-% However, if it is, that means we have to speed this up as it would still
-% be too slow for when access is enabled.
validate_docs_access(Db, UserCtx, DocsList, OldDocInfos) ->
case couch_db:has_access_enabled(Db) of
true -> validate_docs_access_int(Db, UserCtx, DocsList, OldDocInfos);
[couchdb] 02/07: fix: make tests pass again
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch feat/access-2022
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 8ca15ed229bef51b0bdbfd7196adbb0fb42ac1ae
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Sat Jul 23 13:57:17 2022 +0200
fix: make tests pass again
---
src/chttpd/src/chttpd_db.erl | 18 +-
src/couch/src/couch_bt_engine.erl | 14 +-
src/couch/src/couch_changes.erl | 3 +
src/couch/src/couch_db.erl | 13 +-
src/couch/src/couch_db_updater.erl | 14 +-
src/couch/src/couch_doc.erl | 9 +-
src/couch/test/eunit/couchdb_access_tests.erl | 1039 ++++++++++++++++++++
.../test/eunit/couchdb_update_conflicts_tests.erl | 4 +-
src/couch_index/src/couch_index_util.erl | 5 +-
src/custodian/src/custodian_util.erl | 3 +-
src/fabric/src/fabric_doc_update.erl | 33 +-
src/mem3/src/mem3_shards.erl | 1 +
12 files changed, 1111 insertions(+), 45 deletions(-)
diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl
index 92affa4ec..e07b58223 100644
--- a/src/chttpd/src/chttpd_db.erl
+++ b/src/chttpd/src/chttpd_db.erl
@@ -2050,7 +2050,7 @@ parse_shards_opt(Req) ->
[
{n, parse_shards_opt("n", Req, config:get_integer("cluster", "n", 3))},
{q, parse_shards_opt("q", Req, config:get_integer("cluster", "q", 2))},
- {access, parse_shards_opt_access(chttpd:qs_value(Req, "access", false))},
+ {access, parse_shards_opt("access", Req, chttpd:qs_value(Req, "access", false))},
{placement,
parse_shards_opt(
"placement", Req, config:get("cluster", "placement")
@@ -2079,7 +2079,18 @@ parse_shards_opt("placement", Req, Default) ->
throw({bad_request, Err})
end
end;
+
+
+parse_shards_opt("access", Req, Value) when is_list(Value) ->
+ parse_shards_opt("access", Req, list_to_existing_atom(Value));
+parse_shards_opt("access", _Req, Value) when is_boolean(Value) ->
+ Value;
+parse_shards_opt("access", _Req, _Value) ->
+ Err = ?l2b(["The woopass `access` value should be a boolean."]),
+ throw({bad_request, Err});
+
parse_shards_opt(Param, Req, Default) ->
+ couch_log:error("~n parse_shards_opt Param: ~p, Default: ~p~n", [Param, Default]),
Val = chttpd:qs_value(Req, Param, Default),
Err = ?l2b(["The `", Param, "` value should be a positive integer."]),
case couch_util:validate_positive_int(Val) of
@@ -2087,11 +2098,6 @@ parse_shards_opt(Param, Req, Default) ->
false -> throw({bad_request, Err})
end.
-parse_shards_opt_access(Value) when is_boolean(Value) ->
- Value;
-parse_shards_opt_access(_Value) ->
- Err = ?l2b(["The `access` value should be a boolean."]),
- throw({bad_request, Err}).
parse_engine_opt(Req) ->
case chttpd:qs_value(Req, "engine") of
diff --git a/src/couch/src/couch_bt_engine.erl b/src/couch/src/couch_bt_engine.erl
index 87154e9ef..422364a80 100644
--- a/src/couch/src/couch_bt_engine.erl
+++ b/src/couch/src/couch_bt_engine.erl
@@ -671,7 +671,10 @@ id_tree_split(#full_doc_info{} = Info) ->
id_tree_join(Id, {HighSeq, Deleted, DiskTree}) ->
% Handle old formats before data_size was added
- id_tree_join(Id, {HighSeq, Deleted, #size_info{}, DiskTree, []});
+ id_tree_join(Id, {HighSeq, Deleted, #size_info{}, DiskTree});
+
+id_tree_join(Id, {HighSeq, Deleted, Sizes, DiskTree}) ->
+ id_tree_join(Id, {HighSeq, Deleted, Sizes, DiskTree, []});
id_tree_join(Id, {HighSeq, Deleted, Sizes, DiskTree, Access}) ->
#full_doc_info{
id = Id,
@@ -722,7 +725,9 @@ seq_tree_split(#full_doc_info{} = Info) ->
{Seq, {Id, ?b2i(Del), split_sizes(SizeInfo), disk_tree(Tree), split_access(Access)}}.
seq_tree_join(Seq, {Id, Del, DiskTree}) when is_integer(Del) ->
- seq_tree_join(Seq, {Id, Del, {0, 0}, DiskTree, []});
+ seq_tree_join(Seq, {Id, Del, {0, 0}, DiskTree});
+seq_tree_join(Seq, {Id, Del, Sizes, DiskTree}) when is_integer(Del) ->
+ seq_tree_join(Seq, {Id, Del, Sizes, DiskTree, []});
seq_tree_join(Seq, {Id, Del, Sizes, DiskTree, Access}) when is_integer(Del) ->
#full_doc_info{
id = Id,
@@ -733,6 +738,8 @@ seq_tree_join(Seq, {Id, Del, Sizes, DiskTree, Access}) when is_integer(Del) ->
access = join_access(Access)
};
seq_tree_join(KeySeq, {Id, RevInfos, DeletedRevInfos}) ->
+ seq_tree_join(KeySeq, {Id, RevInfos, DeletedRevInfos, []});
+seq_tree_join(KeySeq, {Id, RevInfos, DeletedRevInfos, Access}) ->
% Older versions stored #doc_info records in the seq_tree.
% Compact to upgrade.
Revs = lists:map(
@@ -750,7 +757,8 @@ seq_tree_join(KeySeq, {Id, RevInfos, DeletedRevInfos}) ->
#doc_info{
id = Id,
high_seq = KeySeq,
- revs = Revs ++ DeletedRevs
+ revs = Revs ++ DeletedRevs,
+ access = Access
}.
seq_tree_reduce(reduce, DocInfos) ->
diff --git a/src/couch/src/couch_changes.erl b/src/couch/src/couch_changes.erl
index 089cda975..22685ba4a 100644
--- a/src/couch/src/couch_changes.erl
+++ b/src/couch/src/couch_changes.erl
@@ -688,10 +688,13 @@ maybe_get_changes_doc(_Value, _Acc) ->
[].
load_doc(Db, Value, Opts, DocOpts, Filter) ->
+ %couch_log:error("~ncouch_changes:load_doc(): Value: ~p~n", [Value]),
case couch_index_util:load_doc(Db, Value, Opts) of
null ->
+ %couch_log:error("~ncouch_changes:load_doc(): null~n", []),
[{doc, null}];
Doc ->
+ %couch_log:error("~ncouch_changes:load_doc(): Doc: ~p~n", [Doc]),
[{doc, doc_to_json(Doc, DocOpts, Filter)}]
end.
diff --git a/src/couch/src/couch_db.erl b/src/couch/src/couch_db.erl
index cbe427faa..ead703445 100644
--- a/src/couch/src/couch_db.erl
+++ b/src/couch/src/couch_db.erl
@@ -825,6 +825,7 @@ validate_access3(_) -> throw({forbidden, <<"can't touch this">>}).
check_access(Db, #doc{access=Access}) ->
check_access(Db, Access);
check_access(Db, Access) ->
+ %couch_log:notice("~n Db.user_ctx: ~p, Access: ~p ~n", [Db#db.user_ctx, Access]),
#user_ctx{
name=UserName,
roles=UserRoles
@@ -2037,17 +2038,19 @@ open_doc_int(Db, <<?LOCAL_DOC_PREFIX, _/binary>> = Id, Options) ->
end;
open_doc_int(Db, #doc_info{id = Id, revs = [RevInfo | _], access = Access} = DocInfo, Options) ->
#rev_info{deleted = IsDeleted, rev = {Pos, RevId}, body_sp = Bp} = RevInfo,
- Doc = make_doc(Db, Id, IsDeleted, Bp, {Pos, [RevId], Access}),
- apply_open_options(
- {ok, Doc#doc{meta = doc_meta_info(DocInfo, [], Options)}}, Options, Access
+ Doc = make_doc(Db, Id, IsDeleted, Bp, {Pos, [RevId]}, Access),
+ apply_open_options(Db,
+ {ok, Doc#doc{meta = doc_meta_info(DocInfo, [], Options)}},
+ Options
);
open_doc_int(Db, #full_doc_info{id = Id, rev_tree = RevTree, access = Access} = FullDocInfo, Options) ->
#doc_info{revs = [#rev_info{deleted = IsDeleted, rev = Rev, body_sp = Bp} | _]} =
DocInfo = couch_doc:to_doc_info(FullDocInfo),
{[{_, RevPath}], []} = couch_key_tree:get(RevTree, [Rev]),
Doc = make_doc(Db, Id, IsDeleted, Bp, RevPath, Access),
- apply_open_options(
- {ok, Doc#doc{meta = doc_meta_info(DocInfo, RevTree, Options)}}, Options, Access
+ apply_open_options(Db,
+ {ok, Doc#doc{meta = doc_meta_info(DocInfo, RevTree, Options)}},
+ Options
);
open_doc_int(Db, Id, Options) ->
case get_full_doc_info(Db, Id) of
diff --git a/src/couch/src/couch_db_updater.erl b/src/couch/src/couch_db_updater.erl
index e61934e51..ce01eaeef 100644
--- a/src/couch/src/couch_db_updater.erl
+++ b/src/couch/src/couch_db_updater.erl
@@ -736,7 +736,14 @@ update_docs_int(Db, DocsList, LocalDocs, MergeConflicts, UserCtx) ->
%. if invalid, then send_result tagged `access`(c.f. `conflict)
%. and don’t add to DLV, nor ODI
+ %couch_log:notice("~nDb: ~p, UserCtx: ~p~n", [Db, UserCtx]),
+
+
{ DocsListValidated, OldDocInfosValidated } = validate_docs_access(Db, UserCtx, DocsList, OldDocInfos),
+
+ %couch_log:notice("~nDocsListValidated: ~p, OldDocInfosValidated: ~p~n", [DocsListValidated, OldDocInfosValidated]),
+
+
{ok, AccOut} = merge_rev_trees(DocsListValidated, OldDocInfosValidated, AccIn),
#merge_acc{
add_infos = NewFullDocInfos,
@@ -799,14 +806,17 @@ validate_docs_access(Db, UserCtx, DocsList, OldDocInfos) ->
validate_docs_access_int(Db, UserCtx, DocsList, OldDocInfos) ->
validate_docs_access(Db, UserCtx, DocsList, OldDocInfos, [], []).
-validate_docs_access(_Db, UserCtx, [], [], DocsListValidated, OldDocInfosValidated) ->
+validate_docs_access(_Db, _UserCtx, [], [], DocsListValidated, OldDocInfosValidated) ->
{ lists:reverse(DocsListValidated), lists:reverse(OldDocInfosValidated) };
validate_docs_access(Db, UserCtx, [Docs | DocRest], [OldInfo | OldInfoRest], DocsListValidated, OldDocInfosValidated) ->
% loop over Docs as {Client, NewDoc}
% validate Doc
% if valid, then put back in Docs
% if not, then send_result and skip
+ %couch_log:notice("~nvalidate_docs_access() UserCtx: ~p, Docs: ~p, OldInfo: ~p~n", [UserCtx, Docs, OldInfo]),
NewDocs = lists:foldl(fun({ Client, Doc }, Acc) ->
+ %couch_log:notice("~nvalidate_docs_access lists:foldl() Doc: ~p Doc#doc.access: ~p~n", [Doc, Doc#doc.access]),
+
% check if we are allowed to update the doc, skip when new doc
OldDocMatchesAccess = case OldInfo#full_doc_info.rev_tree of
[] -> true;
@@ -814,6 +824,8 @@ validate_docs_access(Db, UserCtx, [Docs | DocRest], [OldInfo | OldInfoRest], Doc
end,
NewDocMatchesAccess = check_access(Db, UserCtx, Doc#doc.access),
+ %couch_log:notice("~nvalidate_docs_access lists:foldl() OldDocMatchesAccess: ~p, NewDocMatchesAccess: ~p, andalso: ~p~n", [OldDocMatchesAccess, NewDocMatchesAccess, OldDocMatchesAccess andalso NewDocMatchesAccess]),
+
case OldDocMatchesAccess andalso NewDocMatchesAccess of
true -> % if valid, then send to DocsListValidated, OldDocsInfo
% and store the access context on the new doc
diff --git a/src/couch/src/couch_doc.erl b/src/couch/src/couch_doc.erl
index 087f4d09b..9f30c1979 100644
--- a/src/couch/src/couch_doc.erl
+++ b/src/couch/src/couch_doc.erl
@@ -351,13 +351,8 @@ transfer_fields([{<<"_conflicts">>, _} | Rest], Doc, DbName) ->
transfer_fields(Rest, Doc, DbName);
transfer_fields([{<<"_deleted_conflicts">>, _} | Rest], Doc, DbName) ->
transfer_fields(Rest, Doc, DbName);
-% special field for per doc access control, for future compatibility
-transfer_fields(
- [{<<"_access">>, _} = Field | Rest],
- #doc{body = Fields} = Doc,
- DbName
-) ->
- transfer_fields(Rest, Doc#doc{body = [Field | Fields]}, DbName);
+transfer_fields([{<<"_access">>, Access} = Field | Rest], Doc, DbName) ->
+ transfer_fields(Rest, Doc#doc{access = Access}, DbName);
% special fields for replication documents
transfer_fields(
[{<<"_replication_state">>, _} = Field | Rest],
diff --git a/src/couch/test/eunit/couchdb_access_tests.erl b/src/couch/test/eunit/couchdb_access_tests.erl
index e69de29bb..28f27ea72 100644
--- a/src/couch/test/eunit/couchdb_access_tests.erl
+++ b/src/couch/test/eunit/couchdb_access_tests.erl
@@ -0,0 +1,1039 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+% http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(couchdb_access_tests).
+
+-include_lib("couch/include/couch_eunit.hrl").
+
+-define(CONTENT_JSON, {"Content-Type", "application/json"}).
+-define(ADMIN_REQ_HEADERS, [?CONTENT_JSON, {basic_auth, {"a", "a"}}]).
+-define(USERX_REQ_HEADERS, [?CONTENT_JSON, {basic_auth, {"x", "x"}}]).
+-define(USERY_REQ_HEADERS, [?CONTENT_JSON, {basic_auth, {"y", "y"}}]).
+-define(SECURITY_OBJECT, {[
+ {<<"members">>,{[{<<"roles">>,[<<"_admin">>, <<"_users">>]}]}},
+ {<<"admins">>, {[{<<"roles">>,[<<"_admin">>]}]}}
+]}).
+
+url() ->
+ Addr = config:get("httpd", "bind_address", "127.0.0.1"),
+ lists:concat(["http://", Addr, ":", port()]).
+
+before_each(_) ->
+ R = test_request:put(url() ++ "/db?q=1&n=1&access=true", ?ADMIN_REQ_HEADERS, ""),
+ %?debugFmt("~nRequest: ~p~n", [R]),
+ {ok, 201, _, _} = R,
+ {ok, _, _, _} = test_request:put(url() ++ "/db/_security", ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+ url().
+
+after_each(_, Url) ->
+ {ok, 200, _, _} = test_request:delete(Url ++ "/db", ?ADMIN_REQ_HEADERS),
+ {_, _, _, _} = test_request:delete(Url ++ "/db2", ?ADMIN_REQ_HEADERS),
+ {_, _, _, _} = test_request:delete(Url ++ "/db3", ?ADMIN_REQ_HEADERS),
+ ok.
+
+before_all() ->
+ Couch = test_util:start_couch([chttpd, couch_replicator]),
+ Hashed = couch_passwords:hash_admin_password("a"),
+ ok = config:set("admins", "a", binary_to_list(Hashed), _Persist=false),
+ ok = config:set("couchdb", "uuid", "21ac467c1bc05e9d9e9d2d850bb1108f", _Persist=false),
+ ok = config:set("log", "level", "debug", _Persist=false),
+
+ % cleanup and setup
+ {ok, _, _, _} = test_request:delete(url() ++ "/db", ?ADMIN_REQ_HEADERS),
+ % {ok, _, _, _} = test_request:put(url() ++ "/db?q=1&n=1&access=true", ?ADMIN_REQ_HEADERS, ""),
+
+ % create users
+ UserDbUrl = url() ++ "/_users?q=1&n=1",
+ {ok, _, _, _} = test_request:delete(UserDbUrl, ?ADMIN_REQ_HEADERS, ""),
+ {ok, 201, _, _} = test_request:put(UserDbUrl, ?ADMIN_REQ_HEADERS, ""),
+
+ UserXDocUrl = url() ++ "/_users/org.couchdb.user:x",
+ UserXDocBody = "{ \"name\":\"x\", \"roles\": [], \"password\":\"x\", \"type\": \"user\" }",
+ {ok, 201, _, _} = test_request:put(UserXDocUrl, ?ADMIN_REQ_HEADERS, UserXDocBody),
+
+ UserYDocUrl = url() ++ "/_users/org.couchdb.user:y",
+ UserYDocBody = "{ \"name\":\"y\", \"roles\": [], \"password\":\"y\", \"type\": \"user\" }",
+ {ok, 201, _, _} = test_request:put(UserYDocUrl, ?ADMIN_REQ_HEADERS, UserYDocBody),
+ Couch.
+
+after_all(_) ->
+ UserDbUrl = url() ++ "/_users",
+ {ok, _, _, _} = test_request:delete(UserDbUrl, ?ADMIN_REQ_HEADERS, ""),
+ ok = test_util:stop_couch(done).
+
+access_test_() ->
+ Tests = [
+ % Doc creation
+ fun should_not_let_anonymous_user_create_doc/2,
+ fun should_let_admin_create_doc_with_access/2,
+ fun should_let_admin_create_doc_without_access/2,
+ fun should_let_user_create_doc_for_themselves/2,
+ fun should_not_let_user_create_doc_for_someone_else/2,
+ fun should_let_user_create_access_ddoc/2,
+ fun access_ddoc_should_have_no_effects/2,
+
+ % Doc updates
+ fun users_with_access_can_update_doc/2,
+ fun users_without_access_can_not_update_doc/2,
+ fun users_with_access_can_not_change_access/2,
+ fun users_with_access_can_not_remove_access/2,
+
+ % Doc reads
+ fun should_let_admin_read_doc_with_access/2,
+ fun user_with_access_can_read_doc/2,
+ fun user_without_access_can_not_read_doc/2,
+ fun user_can_not_read_doc_without_access/2,
+ fun admin_with_access_can_read_conflicted_doc/2,
+ fun user_with_access_can_not_read_conflicted_doc/2,
+
+ % Doc deletes
+ fun should_let_admin_delete_doc_with_access/2,
+ fun should_let_user_delete_doc_for_themselves/2,
+ fun should_not_let_user_delete_doc_for_someone_else/2,
+
+ % _all_docs with include_docs
+ fun should_let_admin_fetch_all_docs/2,
+ fun should_let_user_fetch_their_own_all_docs/2,
+
+
+ % _changes
+ fun should_let_admin_fetch_changes/2,
+ fun should_let_user_fetch_their_own_changes/2,
+
+ % views
+ fun should_not_allow_admin_access_ddoc_view_request/2,
+ fun should_not_allow_user_access_ddoc_view_request/2,
+ fun should_allow_admin_users_access_ddoc_view_request/2,
+ fun should_allow_user_users_access_ddoc_view_request/2,
+
+ % replication
+ fun should_allow_admin_to_replicate_from_access_to_access/2,
+ fun should_allow_admin_to_replicate_from_no_access_to_access/2,
+ fun should_allow_admin_to_replicate_from_access_to_no_access/2,
+ fun should_allow_admin_to_replicate_from_no_access_to_no_access/2,
+ %
+ fun should_allow_user_to_replicate_from_access_to_access/2,
+ fun should_allow_user_to_replicate_from_access_to_no_access/2,
+ fun should_allow_user_to_replicate_from_no_access_to_access/2,
+ fun should_allow_user_to_replicate_from_no_access_to_no_access/2,
+
+ % _revs_diff for docs you don’t have access to
+ fun should_not_allow_user_to_revs_diff_other_docs/2
+
+
+ % TODO: create test db with role and not _users in _security.members
+ % and make sure a user in that group can access while a user not
+ % in that group cant
+ % % potential future feature
+ % % fun should_let_user_fetch_their_own_all_docs_plus_users_ddocs/2%,
+ ],
+ {
+ "Access tests",
+ {
+ setup,
+ fun before_all/0, fun after_all/1,
+ [
+ make_test_cases(clustered, Tests)
+ ]
+ }
+ }.
+
+make_test_cases(Mod, Funs) ->
+ {
+ lists:flatten(io_lib:format("~s", [Mod])),
+ {foreachx, fun before_each/1, fun after_each/2, [{Mod, Fun} || Fun <- Funs]}
+ }.
+
+% Doc creation
+ % http://127.0.0.1:64903/db/a?revs=true&open_revs=%5B%221-23202479633c2b380f79507a776743d5%22%5D&latest=true
+
+% should_do_the_thing(_PortType, Url) ->
+% ?_test(begin
+% {ok, _, _, _} = test_request:put(Url ++ "/db/a",
+% ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+% {ok, Code, _, _} = test_request:get(Url ++ "/db/a?revs=true&open_revs=%5B%221-23202479633c2b380f79507a776743d5%22%5D&latest=true",
+% ?USERX_REQ_HEADERS),
+% ?assertEqual(200, Code)
+% end).
+%
+
+should_not_let_anonymous_user_create_doc(_PortType, Url) ->
+ % TODO: debugging leftover
+ % BulkDocsBody = {[
+ % {<<"docs">>, [
+ % {[{<<"_id">>, <<"a">>}]},
+ % {[{<<"_id">>, <<"a">>}]},
+ % {[{<<"_id">>, <<"b">>}]},
+ % {[{<<"_id">>, <<"c">>}]}
+ % ]}
+ % ]},
+ % Resp = test_request:post(Url ++ "/db/_bulk_docs", ?ADMIN_REQ_HEADERS, jiffy:encode(BulkDocsBody)),
+ % ?debugFmt("~nResp: ~p~n", [Resp]),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/a", "{\"a\":1,\"_access\":[\"x\"]}"),
+ ?_assertEqual(401, Code).
+
+should_let_admin_create_doc_with_access(_PortType, Url) ->
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ ?_assertEqual(201, Code).
+
+should_let_admin_create_doc_without_access(_PortType, Url) ->
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1}"),
+ ?_assertEqual(201, Code).
+
+should_let_user_create_doc_for_themselves(_PortType, Url) ->
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ ?_assertEqual(201, Code).
+
+should_not_let_user_create_doc_for_someone_else(_PortType, Url) ->
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/c",
+ ?USERY_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ ?_assertEqual(403, Code).
+
+should_let_user_create_access_ddoc(_PortType, Url) ->
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/_design/dx",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ ?_assertEqual(201, Code).
+
+access_ddoc_should_have_no_effects(_PortType, Url) ->
+ ?_test(begin
+ Ddoc = "{ \"_access\":[\"x\"], \"validate_doc_update\": \"function(newDoc, oldDoc, userCtx) { throw({unauthorized: 'throw error'})}\", \"views\": { \"foo\": { \"map\": \"function(doc) { emit(doc._id) }\" } }, \"shows\": { \"boo\": \"function() {}\" }, \"lists\": { \"hoo\": \"function() {}\" }, \"update\": { \"goo\": \"function() {}\" }, \"filters\": { \"loo\": \"function() {}\" } }",
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/_design/dx",
+ ?USERX_REQ_HEADERS, Ddoc),
+ ?assertEqual(201, Code),
+ {ok, Code1, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ ?assertEqual(201, Code1),
+ {ok, Code2, _, _} = test_request:get(Url ++ "/db/_design/dx/_view/foo",
+ ?USERX_REQ_HEADERS),
+ ?assertEqual(404, Code2),
+ {ok, Code3, _, _} = test_request:get(Url ++ "/db/_design/dx/_show/boo/b",
+ ?USERX_REQ_HEADERS),
+ ?assertEqual(404, Code3),
+ {ok, Code4, _, _} = test_request:get(Url ++ "/db/_design/dx/_list/hoo/foo",
+ ?USERX_REQ_HEADERS),
+ ?assertEqual(404, Code4),
+ {ok, Code5, _, _} = test_request:post(Url ++ "/db/_design/dx/_update/goo",
+ ?USERX_REQ_HEADERS, ""),
+ ?assertEqual(404, Code5),
+ {ok, Code6, _, _} = test_request:get(Url ++ "/db/_changes?filter=dx/loo",
+ ?USERX_REQ_HEADERS),
+ ?assertEqual(404, Code6),
+ {ok, Code7, _, _} = test_request:get(Url ++ "/db/_changes?filter=_view&view=dx/foo",
+ ?USERX_REQ_HEADERS),
+ ?assertEqual(404, Code7)
+ end).
+
+% Doc updates
+
+users_with_access_can_update_doc(_PortType, Url) ->
+ {ok, _, _, Body} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {Json} = jiffy:decode(Body),
+ Rev = couch_util:get_value(<<"rev">>, Json),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS,
+ "{\"a\":2,\"_access\":[\"x\"],\"_rev\":\"" ++ binary_to_list(Rev) ++ "\"}"),
+ ?_assertEqual(201, Code).
+
+users_without_access_can_not_update_doc(_PortType, Url) ->
+ {ok, _, _, Body} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {Json} = jiffy:decode(Body),
+ Rev = couch_util:get_value(<<"rev">>, Json),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERY_REQ_HEADERS,
+ "{\"a\":2,\"_access\":[\"y\"],\"_rev\":\"" ++ binary_to_list(Rev) ++ "\"}"),
+ ?_assertEqual(403, Code).
+
+users_with_access_can_not_change_access(_PortType, Url) ->
+ {ok, _, _, Body} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {Json} = jiffy:decode(Body),
+ Rev = couch_util:get_value(<<"rev">>, Json),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS,
+ "{\"a\":2,\"_access\":[\"y\"],\"_rev\":\"" ++ binary_to_list(Rev) ++ "\"}"),
+ ?_assertEqual(403, Code).
+
+users_with_access_can_not_remove_access(_PortType, Url) ->
+ {ok, _, _, Body} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {Json} = jiffy:decode(Body),
+ Rev = couch_util:get_value(<<"rev">>, Json),
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS,
+ "{\"a\":2,\"_rev\":\"" ++ binary_to_list(Rev) ++ "\"}"),
+ ?_assertEqual(403, Code).
+
+% Doc reads
+
+should_let_admin_read_doc_with_access(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:get(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS),
+ ?_assertEqual(200, Code).
+
+user_with_access_can_read_doc(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:get(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS),
+ ?_assertEqual(200, Code).
+
+user_with_access_can_not_read_conflicted_doc(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"_id\":\"f1\",\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a?new_edits=false",
+ ?ADMIN_REQ_HEADERS, "{\"_id\":\"f1\",\"_rev\":\"7-XYZ\",\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:get(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS),
+ ?_assertEqual(403, Code).
+
+admin_with_access_can_read_conflicted_doc(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"_id\":\"a\",\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a?new_edits=false",
+ ?ADMIN_REQ_HEADERS, "{\"_id\":\"a\",\"_rev\":\"7-XYZ\",\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:get(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS),
+ ?_assertEqual(200, Code).
+
+user_without_access_can_not_read_doc(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:get(Url ++ "/db/a",
+ ?USERY_REQ_HEADERS),
+ ?_assertEqual(403, Code).
+
+user_can_not_read_doc_without_access(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1}"),
+ {ok, Code, _, _} = test_request:get(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS),
+ ?_assertEqual(403, Code).
+
+% Doc deletes
+
+should_let_admin_delete_doc_with_access(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5",
+ ?ADMIN_REQ_HEADERS),
+ ?_assertEqual(200, Code).
+
+should_let_user_delete_doc_for_themselves(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:get(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS),
+ {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5",
+ ?USERX_REQ_HEADERS),
+ ?_assertEqual(200, Code).
+
+should_not_let_user_delete_doc_for_someone_else(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?USERX_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, Code, _, _} = test_request:delete(Url ++ "/db/a?rev=1-23202479633c2b380f79507a776743d5",
+ ?USERY_REQ_HEADERS),
+ ?_assertEqual(403, Code).
+
+% _all_docs with include_docs
+
+should_let_admin_fetch_all_docs(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/d",
+ ?ADMIN_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
+ {ok, 200, _, Body} = test_request:get(Url ++ "/db/_all_docs?include_docs=true",
+ ?ADMIN_REQ_HEADERS),
+ {Json} = jiffy:decode(Body),
+ ?_assertEqual(4, proplists:get_value(<<"total_rows">>, Json)).
+
+should_let_user_fetch_their_own_all_docs(_PortType, Url) ->
+ ?_test(begin
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/b",
+ ?USERX_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/d",
+ ?USERY_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
+ {ok, 200, _, Body} = test_request:get(Url ++ "/db/_all_docs?include_docs=true",
+ ?USERX_REQ_HEADERS),
+ {Json} = jiffy:decode(Body),
+ Rows = proplists:get_value(<<"rows">>, Json),
+ ?assertEqual([{[{<<"id">>,<<"a">>},
+ {<<"key">>,<<"a">>},
+ {<<"value">>,<<"1-23202479633c2b380f79507a776743d5">>},
+ {<<"doc">>,
+ {[{<<"_id">>,<<"a">>},
+ {<<"_rev">>,<<"1-23202479633c2b380f79507a776743d5">>},
+ {<<"a">>,1},
+ {<<"_access">>,[<<"x">>]}]}}]},
+ {[{<<"id">>,<<"b">>},
+ {<<"key">>,<<"b">>},
+ {<<"value">>,<<"1-d33fb05384fa65a8081da2046595de0f">>},
+ {<<"doc">>,
+ {[{<<"_id">>,<<"b">>},
+ {<<"_rev">>,<<"1-d33fb05384fa65a8081da2046595de0f">>},
+ {<<"b">>,2},
+ {<<"_access">>,[<<"x">>]}]}}]}], Rows),
+ ?assertEqual(2, length(Rows)),
+ ?assertEqual(4, proplists:get_value(<<"total_rows">>, Json)),
+
+ {ok, 200, _, Body1} = test_request:get(Url ++ "/db/_all_docs?include_docs=true",
+ ?USERY_REQ_HEADERS),
+ {Json1} = jiffy:decode(Body1),
+ ?assertEqual( [{<<"total_rows">>,4},
+ {<<"offset">>,2},
+ {<<"rows">>,
+ [{[{<<"id">>,<<"c">>},
+ {<<"key">>,<<"c">>},
+ {<<"value">>,<<"1-92aef5b0e4a3f4db0aba1320869bc95d">>},
+ {<<"doc">>,
+ {[{<<"_id">>,<<"c">>},
+ {<<"_rev">>,<<"1-92aef5b0e4a3f4db0aba1320869bc95d">>},
+ {<<"c">>,3},
+ {<<"_access">>,[<<"y">>]}]}}]},
+ {[{<<"id">>,<<"d">>},
+ {<<"key">>,<<"d">>},
+ {<<"value">>,<<"1-ae984f6550038b1ed1565ac4b6cd8c5d">>},
+ {<<"doc">>,
+ {[{<<"_id">>,<<"d">>},
+ {<<"_rev">>,<<"1-ae984f6550038b1ed1565ac4b6cd8c5d">>},
+ {<<"d">>,4},
+ {<<"_access">>,[<<"y">>]}]}}]}]}], Json1)
+ end).
+
+
+% _changes
+
+should_let_admin_fetch_changes(_PortType, Url) ->
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/d",
+ ?ADMIN_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
+ {ok, 200, _, Body} = test_request:get(Url ++ "/db/_changes",
+ ?ADMIN_REQ_HEADERS),
+ {Json} = jiffy:decode(Body),
+ AmountOfDocs = length(proplists:get_value(<<"results">>, Json)),
+ ?_assertEqual(4, AmountOfDocs).
+
+should_let_user_fetch_their_own_changes(_PortType, Url) ->
+ ?_test(begin
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+ {ok, 201, _, _} = test_request:put(Url ++ "/db/d",
+ ?ADMIN_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
+ {ok, 200, _, Body} = test_request:get(Url ++ "/db/_changes",
+ ?USERX_REQ_HEADERS),
+ {Json} = jiffy:decode(Body),
+ ?assertMatch([{<<"results">>,
+ [{[{<<"seq">>,
+ <<"2-", _/binary>>},
+ {<<"id">>,<<"a">>},
+ {<<"changes">>,
+ [{[{<<"rev">>,<<"1-23202479633c2b380f79507a776743d5">>}]}]}]},
+ {[{<<"seq">>,
+ <<"3-", _/binary>>},
+ {<<"id">>,<<"b">>},
+ {<<"changes">>,
+ [{[{<<"rev">>,<<"1-d33fb05384fa65a8081da2046595de0f">>}]}]}]}]},
+ {<<"last_seq">>,
+ <<"3-", _/binary>>},
+ {<<"pending">>,2}], Json),
+ AmountOfDocs = length(proplists:get_value(<<"results">>, Json)),
+ ?assertEqual(2, AmountOfDocs)
+ end).
+
+% views
+
+should_not_allow_admin_access_ddoc_view_request(_PortType, Url) ->
+ DDoc = "{\"a\":1,\"_access\":[\"x\"],\"views\":{\"foo\":{\"map\":\"function() {}\"}}}",
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/_design/a",
+ ?ADMIN_REQ_HEADERS, DDoc),
+ ?assertEqual(201, Code),
+ {ok, Code1, _, _} = test_request:get(Url ++ "/db/_design/a/_view/foo",
+ ?ADMIN_REQ_HEADERS),
+ ?_assertEqual(404, Code1).
+
+should_not_allow_user_access_ddoc_view_request(_PortType, Url) ->
+ DDoc = "{\"a\":1,\"_access\":[\"x\"],\"views\":{\"foo\":{\"map\":\"function() {}\"}}}",
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/_design/a",
+ ?ADMIN_REQ_HEADERS, DDoc),
+ ?assertEqual(201, Code),
+ {ok, Code1, _, _} = test_request:get(Url ++ "/db/_design/a/_view/foo",
+ ?USERX_REQ_HEADERS),
+ ?_assertEqual(404, Code1).
+
+should_allow_admin_users_access_ddoc_view_request(_PortType, Url) ->
+ DDoc = "{\"a\":1,\"_access\":[\"_users\"],\"views\":{\"foo\":{\"map\":\"function() {}\"}}}",
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/_design/a",
+ ?ADMIN_REQ_HEADERS, DDoc),
+ ?assertEqual(201, Code),
+ {ok, Code1, _, _} = test_request:get(Url ++ "/db/_design/a/_view/foo",
+ ?ADMIN_REQ_HEADERS),
+ ?_assertEqual(200, Code1).
+
+should_allow_user_users_access_ddoc_view_request(_PortType, Url) ->
+ DDoc = "{\"a\":1,\"_access\":[\"_users\"],\"views\":{\"foo\":{\"map\":\"function() {}\"}}}",
+ {ok, Code, _, _} = test_request:put(Url ++ "/db/_design/a",
+ ?ADMIN_REQ_HEADERS, DDoc),
+ ?assertEqual(201, Code),
+ {ok, Code1, _, _} = test_request:get(Url ++ "/db/_design/a/_view/foo",
+ ?USERX_REQ_HEADERS),
+ ?_assertEqual(200, Code1).
+
+% replication
+
+should_allow_admin_to_replicate_from_access_to_access(_PortType, Url) ->
+ ?_test(begin
+ % create target db
+ {ok, 201, _, _} = test_request:put(url() ++ "/db2?q=1&n=1&access=true",
+ ?ADMIN_REQ_HEADERS, ""),
+ % set target db security
+ {ok, _, _, _} = test_request:put(url() ++ "/db2/_security",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+
+ % create source docs
+ {ok, _, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"x\"]}"),
+
+ % replicate
+ AdminUrl = string:replace(Url, "http://", "http://a:a@"),
+ EJRequestBody = {[
+ {<<"source">>, list_to_binary(AdminUrl ++ "/db")},
+ {<<"target">>, list_to_binary(AdminUrl ++ "/db2")}
+ ]},
+ {ok, ResponseCode, _, ResponseBody} = test_request:post(Url ++ "/_replicate",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(EJRequestBody)),
+
+ % assert replication status
+ {EJResponseBody} = jiffy:decode(ResponseBody),
+ ?assertEqual(ResponseCode, 200),
+ ?assertEqual(true, couch_util:get_value(<<"ok">>, EJResponseBody)),
+ [{History}] = couch_util:get_value(<<"history">>, EJResponseBody),
+
+ MissingChecked = couch_util:get_value(<<"missing_checked">>, History),
+ MissingFound = couch_util:get_value(<<"missing_found">>, History),
+ DocsReard = couch_util:get_value(<<"docs_read">>, History),
+ DocsWritten = couch_util:get_value(<<"docs_written">>, History),
+ DocWriteFailures = couch_util:get_value(<<"doc_write_failures">>, History),
+
+ ?assertEqual(3, MissingChecked),
+ ?assertEqual(3, MissingFound),
+ ?assertEqual(3, DocsReard),
+ ?assertEqual(3, DocsWritten),
+ ?assertEqual(0, DocWriteFailures),
+
+ % assert docs in target db
+ {ok, 200, _, ADBody} = test_request:get(Url ++ "/db2/_all_docs?include_docs=true",
+ ?ADMIN_REQ_HEADERS),
+ {Json} = jiffy:decode(ADBody),
+ ?assertEqual(3, proplists:get_value(<<"total_rows">>, Json))
+ end).
+
+should_allow_admin_to_replicate_from_no_access_to_access(_PortType, Url) ->
+ ?_test(begin
+ % create target db
+ {ok, 201, _, _} = test_request:put(url() ++ "/db2?q=1&n=1",
+ ?ADMIN_REQ_HEADERS, ""),
+ % set target db security
+ {ok, _, _, _} = test_request:put(url() ++ "/db2/_security",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+
+ % create source docs
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"x\"]}"),
+
+ % replicate
+ AdminUrl = string:replace(Url, "http://", "http://a:a@"),
+ EJRequestBody = {[
+ {<<"source">>, list_to_binary(AdminUrl ++ "/db2")},
+ {<<"target">>, list_to_binary(AdminUrl ++ "/db")}
+ ]},
+ {ok, ResponseCode, _, ResponseBody} = test_request:post(Url ++ "/_replicate",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(EJRequestBody)),
+
+ % assert replication status
+ {EJResponseBody} = jiffy:decode(ResponseBody),
+ ?assertEqual(ResponseCode, 200),
+ ?assertEqual(true, couch_util:get_value(<<"ok">>, EJResponseBody)),
+ [{History}] = couch_util:get_value(<<"history">>, EJResponseBody),
+
+ MissingChecked = couch_util:get_value(<<"missing_checked">>, History),
+ MissingFound = couch_util:get_value(<<"missing_found">>, History),
+ DocsReard = couch_util:get_value(<<"docs_read">>, History),
+ DocsWritten = couch_util:get_value(<<"docs_written">>, History),
+ DocWriteFailures = couch_util:get_value(<<"doc_write_failures">>, History),
+
+ ?assertEqual(3, MissingChecked),
+ ?assertEqual(3, MissingFound),
+ ?assertEqual(3, DocsReard),
+ ?assertEqual(3, DocsWritten),
+ ?assertEqual(0, DocWriteFailures),
+
+ % assert docs in target db
+ {ok, 200, _, ADBody} = test_request:get(Url ++ "/db/_all_docs?include_docs=true",
+ ?ADMIN_REQ_HEADERS),
+ {Json} = jiffy:decode(ADBody),
+ ?assertEqual(3, proplists:get_value(<<"total_rows">>, Json))
+ end).
+
+should_allow_admin_to_replicate_from_access_to_no_access(_PortType, Url) ->
+ ?_test(begin
+ % create target db
+ {ok, 201, _, _} = test_request:put(url() ++ "/db2?q=1&n=1",
+ ?ADMIN_REQ_HEADERS, ""),
+ % set target db security
+ {ok, _, _, _} = test_request:put(url() ++ "/db2/_security",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+
+ % create source docs
+ {ok, _, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"x\"]}"),
+
+ % replicate
+ AdminUrl = string:replace(Url, "http://", "http://a:a@"),
+ EJRequestBody = {[
+ {<<"source">>, list_to_binary(AdminUrl ++ "/db")},
+ {<<"target">>, list_to_binary(AdminUrl ++ "/db2")}
+ ]},
+ {ok, ResponseCode, _, ResponseBody} = test_request:post(Url ++ "/_replicate",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(EJRequestBody)),
+
+ % assert replication status
+ {EJResponseBody} = jiffy:decode(ResponseBody),
+ ?assertEqual(ResponseCode, 200),
+ ?assertEqual(true, couch_util:get_value(<<"ok">>, EJResponseBody)),
+ [{History}] = couch_util:get_value(<<"history">>, EJResponseBody),
+
+ MissingChecked = couch_util:get_value(<<"missing_checked">>, History),
+ MissingFound = couch_util:get_value(<<"missing_found">>, History),
+ DocsReard = couch_util:get_value(<<"docs_read">>, History),
+ DocsWritten = couch_util:get_value(<<"docs_written">>, History),
+ DocWriteFailures = couch_util:get_value(<<"doc_write_failures">>, History),
+
+ ?assertEqual(3, MissingChecked),
+ ?assertEqual(3, MissingFound),
+ ?assertEqual(3, DocsReard),
+ ?assertEqual(3, DocsWritten),
+ ?assertEqual(0, DocWriteFailures),
+
+ % assert docs in target db
+ {ok, 200, _, ADBody} = test_request:get(Url ++ "/db2/_all_docs?include_docs=true",
+ ?ADMIN_REQ_HEADERS),
+ {Json} = jiffy:decode(ADBody),
+ ?assertEqual(3, proplists:get_value(<<"total_rows">>, Json))
+ end).
+
+should_allow_admin_to_replicate_from_no_access_to_no_access(_PortType, Url) ->
+ ?_test(begin
+ % create source and target dbs
+ {ok, 201, _, _} = test_request:put(url() ++ "/db2?q=1&n=1",
+ ?ADMIN_REQ_HEADERS, ""),
+ % set target db security
+ {ok, _, _, _} = test_request:put(url() ++ "/db2/_security",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+
+ {ok, 201, _, _} = test_request:put(url() ++ "/db3?q=1&n=1",
+ ?ADMIN_REQ_HEADERS, ""),
+ % set target db security
+ {ok, _, _, _} = test_request:put(url() ++ "/db3/_security",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+
+ % create source docs
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"x\"]}"),
+
+ % replicate
+ AdminUrl = string:replace(Url, "http://", "http://a:a@"),
+ EJRequestBody = {[
+ {<<"source">>, list_to_binary(AdminUrl ++ "/db2")},
+ {<<"target">>, list_to_binary(AdminUrl ++ "/db3")}
+ ]},
+ {ok, ResponseCode, _, ResponseBody} = test_request:post(Url ++ "/_replicate",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(EJRequestBody)),
+
+ % assert replication status
+ {EJResponseBody} = jiffy:decode(ResponseBody),
+ ?assertEqual(ResponseCode, 200),
+ ?assertEqual(true, couch_util:get_value(<<"ok">>, EJResponseBody)),
+ [{History}] = couch_util:get_value(<<"history">>, EJResponseBody),
+
+ MissingChecked = couch_util:get_value(<<"missing_checked">>, History),
+ MissingFound = couch_util:get_value(<<"missing_found">>, History),
+ DocsReard = couch_util:get_value(<<"docs_read">>, History),
+ DocsWritten = couch_util:get_value(<<"docs_written">>, History),
+ DocWriteFailures = couch_util:get_value(<<"doc_write_failures">>, History),
+
+ ?assertEqual(3, MissingChecked),
+ ?assertEqual(3, MissingFound),
+ ?assertEqual(3, DocsReard),
+ ?assertEqual(3, DocsWritten),
+ ?assertEqual(0, DocWriteFailures),
+
+ % assert docs in target db
+ {ok, 200, _, ADBody} = test_request:get(Url ++ "/db3/_all_docs?include_docs=true",
+ ?ADMIN_REQ_HEADERS),
+ {Json} = jiffy:decode(ADBody),
+ ?assertEqual(3, proplists:get_value(<<"total_rows">>, Json))
+ end).
+
+should_allow_user_to_replicate_from_access_to_access(_PortType, Url) ->
+ ?_test(begin
+ % create source and target dbs
+ {ok, 201, _, _} = test_request:put(url() ++ "/db2?q=1&n=1&access=true",
+ ?ADMIN_REQ_HEADERS, ""),
+ % set target db security
+ {ok, _, _, _} = test_request:put(url() ++ "/db2/_security",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+
+ % create source docs
+ {ok, _, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+
+ % replicate
+ UserXUrl = string:replace(Url, "http://", "http://x:x@"),
+ EJRequestBody = {[
+ {<<"source">>, list_to_binary(UserXUrl ++ "/db")},
+ {<<"target">>, list_to_binary(UserXUrl ++ "/db2")}
+ ]},
+ {ok, ResponseCode, _, ResponseBody} = test_request:post(Url ++ "/_replicate",
+ ?USERX_REQ_HEADERS, jiffy:encode(EJRequestBody)),
+ % ?debugFmt("~nResponseBody: ~p~n", [ResponseBody]),
+
+ % assert replication status
+ {EJResponseBody} = jiffy:decode(ResponseBody),
+ ?assertEqual(ResponseCode, 200),
+ ?assertEqual(true, couch_util:get_value(<<"ok">>, EJResponseBody)),
+
+ [{History}] = couch_util:get_value(<<"history">>, EJResponseBody),
+
+ MissingChecked = couch_util:get_value(<<"missing_checked">>, History),
+ MissingFound = couch_util:get_value(<<"missing_found">>, History),
+ DocsReard = couch_util:get_value(<<"docs_read">>, History),
+ DocsWritten = couch_util:get_value(<<"docs_written">>, History),
+ DocWriteFailures = couch_util:get_value(<<"doc_write_failures">>, History),
+
+ ?assertEqual(2, MissingChecked),
+ ?assertEqual(2, MissingFound),
+ ?assertEqual(2, DocsReard),
+ ?assertEqual(2, DocsWritten),
+ ?assertEqual(0, DocWriteFailures),
+
+ % assert access in local doc
+ ReplicationId = couch_util:get_value(<<"replication_id">>, EJResponseBody),
+ {ok, 200, _, CheckPoint} = test_request:get(Url ++ "/db/_local/" ++ ReplicationId,
+ ?USERX_REQ_HEADERS),
+ {EJCheckPoint} = jiffy:decode(CheckPoint),
+ Access = couch_util:get_value(<<"_access">>, EJCheckPoint),
+ ?assertEqual([<<"x">>], Access),
+
+ % make sure others can’t read our local docs
+ {ok, 403, _, _} = test_request:get(Url ++ "/db/_local/" ++ ReplicationId,
+ ?USERY_REQ_HEADERS),
+
+ % assert docs in target db
+ {ok, 200, _, ADBody} = test_request:get(Url ++ "/db2/_all_docs?include_docs=true",
+ ?ADMIN_REQ_HEADERS),
+ {Json} = jiffy:decode(ADBody),
+ ?assertEqual(2, proplists:get_value(<<"total_rows">>, Json))
+ end).
+
+should_allow_user_to_replicate_from_access_to_no_access(_PortType, Url) ->
+ ?_test(begin
+ % create source and target dbs
+ {ok, 201, _, _} = test_request:put(url() ++ "/db2?q=1&n=1",
+ ?ADMIN_REQ_HEADERS, ""),
+ % set target db security
+ {ok, _, _, _} = test_request:put(url() ++ "/db2/_security",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+
+ % create source docs
+ {ok, _, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+
+ % replicate
+ UserXUrl = string:replace(Url, "http://", "http://x:x@"),
+ EJRequestBody = {[
+ {<<"source">>, list_to_binary(UserXUrl ++ "/db")},
+ {<<"target">>, list_to_binary(UserXUrl ++ "/db2")}
+ ]},
+ {ok, ResponseCode, _, ResponseBody} = test_request:post(Url ++ "/_replicate",
+ ?USERX_REQ_HEADERS, jiffy:encode(EJRequestBody)),
+
+ % assert replication status
+ {EJResponseBody} = jiffy:decode(ResponseBody),
+ ?assertEqual(ResponseCode, 200),
+ ?assertEqual(true, couch_util:get_value(<<"ok">>, EJResponseBody)),
+ [{History}] = couch_util:get_value(<<"history">>, EJResponseBody),
+
+ MissingChecked = couch_util:get_value(<<"missing_checked">>, History),
+ MissingFound = couch_util:get_value(<<"missing_found">>, History),
+ DocsReard = couch_util:get_value(<<"docs_read">>, History),
+ DocsWritten = couch_util:get_value(<<"docs_written">>, History),
+ DocWriteFailures = couch_util:get_value(<<"doc_write_failures">>, History),
+
+ ?assertEqual(2, MissingChecked),
+ ?assertEqual(2, MissingFound),
+ ?assertEqual(2, DocsReard),
+ ?assertEqual(2, DocsWritten),
+ ?assertEqual(0, DocWriteFailures),
+
+ % assert docs in target db
+ {ok, 200, _, ADBody} = test_request:get(Url ++ "/db2/_all_docs?include_docs=true",
+ ?ADMIN_REQ_HEADERS),
+ {Json} = jiffy:decode(ADBody),
+ ?assertEqual(2, proplists:get_value(<<"total_rows">>, Json))
+ end).
+
+should_allow_user_to_replicate_from_no_access_to_access(_PortType, Url) ->
+ ?_test(begin
+ % create source and target dbs
+ {ok, 201, _, _} = test_request:put(url() ++ "/db2?q=1&n=1",
+ ?ADMIN_REQ_HEADERS, ""),
+ % set target db security
+ {ok, _, _, _} = test_request:put(url() ++ "/db2/_security",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+
+ % leave for easier debugging
+ % VduFun = <<"function(newdoc, olddoc, userctx) {if(newdoc._id == \"b\") throw({'forbidden':'fail'})}">>,
+ % DDoc = {[
+ % {<<"_id">>, <<"_design/vdu">>},
+ % {<<"validate_doc_update">>, VduFun}
+ % ]},
+ % {ok, _, _, _} = test_request:put(Url ++ "/db/_design/vdu",
+ % ?ADMIN_REQ_HEADERS, jiffy:encode(DDoc)),
+ % create source docs
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+
+
+ % replicate
+ UserXUrl = string:replace(Url, "http://", "http://x:x@"),
+ EJRequestBody = {[
+ {<<"source">>, list_to_binary(UserXUrl ++ "/db2")},
+ {<<"target">>, list_to_binary(UserXUrl ++ "/db")}
+ ]},
+ {ok, ResponseCode, _, ResponseBody} = test_request:post(Url ++ "/_replicate",
+ ?USERX_REQ_HEADERS, jiffy:encode(EJRequestBody)),
+
+ % assert replication status
+ {EJResponseBody} = jiffy:decode(ResponseBody),
+ ?assertEqual(ResponseCode, 200),
+ ?assertEqual(true, couch_util:get_value(<<"ok">>, EJResponseBody)),
+ [{History}] = couch_util:get_value(<<"history">>, EJResponseBody),
+
+ MissingChecked = couch_util:get_value(<<"missing_checked">>, History),
+ MissingFound = couch_util:get_value(<<"missing_found">>, History),
+ DocsReard = couch_util:get_value(<<"docs_read">>, History),
+ DocsWritten = couch_util:get_value(<<"docs_written">>, History),
+ DocWriteFailures = couch_util:get_value(<<"doc_write_failures">>, History),
+
+ ?assertEqual(3, MissingChecked),
+ ?assertEqual(3, MissingFound),
+ ?assertEqual(3, DocsReard),
+ ?assertEqual(2, DocsWritten),
+ ?assertEqual(1, DocWriteFailures),
+
+ % assert docs in target db
+ {ok, 200, _, ADBody} = test_request:get(Url ++ "/db/_all_docs?include_docs=true",
+ ?ADMIN_REQ_HEADERS),
+ {Json} = jiffy:decode(ADBody),
+ ?assertEqual(2, proplists:get_value(<<"total_rows">>, Json))
+ end).
+
+should_allow_user_to_replicate_from_no_access_to_no_access(_PortType, Url) ->
+ ?_test(begin
+ % create source and target dbs
+ {ok, 201, _, _} = test_request:put(url() ++ "/db2?q=1&n=1",
+ ?ADMIN_REQ_HEADERS, ""),
+ % set target db security
+ {ok, _, _, _} = test_request:put(url() ++ "/db2/_security",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+
+ {ok, 201, _, _} = test_request:put(url() ++ "/db3?q=1&n=1",
+ ?ADMIN_REQ_HEADERS, ""),
+ % set target db security
+ {ok, _, _, _} = test_request:put(url() ++ "/db3/_security",
+ ?ADMIN_REQ_HEADERS, jiffy:encode(?SECURITY_OBJECT)),
+ % create source docs
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db2/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+
+ % replicate
+ UserXUrl = string:replace(Url, "http://", "http://x:x@"),
+ EJRequestBody = {[
+ {<<"source">>, list_to_binary(UserXUrl ++ "/db2")},
+ {<<"target">>, list_to_binary(UserXUrl ++ "/db3")}
+ ]},
+ {ok, ResponseCode, _, ResponseBody} = test_request:post(Url ++ "/_replicate",
+ ?USERX_REQ_HEADERS, jiffy:encode(EJRequestBody)),
+
+ % assert replication status
+ {EJResponseBody} = jiffy:decode(ResponseBody),
+ ?assertEqual(ResponseCode, 200),
+ ?assertEqual(true, couch_util:get_value(<<"ok">>, EJResponseBody)),
+ [{History}] = couch_util:get_value(<<"history">>, EJResponseBody),
+
+ MissingChecked = couch_util:get_value(<<"missing_checked">>, History),
+ MissingFound = couch_util:get_value(<<"missing_found">>, History),
+ DocsReard = couch_util:get_value(<<"docs_read">>, History),
+ DocsWritten = couch_util:get_value(<<"docs_written">>, History),
+ DocWriteFailures = couch_util:get_value(<<"doc_write_failures">>, History),
+
+ ?assertEqual(3, MissingChecked),
+ ?assertEqual(3, MissingFound),
+ ?assertEqual(3, DocsReard),
+ ?assertEqual(3, DocsWritten),
+ ?assertEqual(0, DocWriteFailures),
+
+ % assert docs in target db
+ {ok, 200, _, ADBody} = test_request:get(Url ++ "/db3/_all_docs?include_docs=true",
+ ?ADMIN_REQ_HEADERS),
+ {Json} = jiffy:decode(ADBody),
+ ?assertEqual(3, proplists:get_value(<<"total_rows">>, Json))
+ end).
+
+% revs_diff
+should_not_allow_user_to_revs_diff_other_docs(_PortType, Url) ->
+ ?_test(begin
+ % create test docs
+ {ok, _, _, _} = test_request:put(Url ++ "/db/a",
+ ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+ {ok, _, _, _} = test_request:put(Url ++ "/db/b",
+ ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+ {ok, _, _, V} = test_request:put(Url ++ "/db/c",
+ ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+
+ % nothing missing
+ RevsDiff = {[
+ {<<"a">>, [
+ <<"1-23202479633c2b380f79507a776743d5">>
+ ]}
+ ]},
+ {ok, GoodCode, _, GoodBody} = test_request:post(Url ++ "/db/_revs_diff",
+ ?USERX_REQ_HEADERS, jiffy:encode(RevsDiff)),
+ EJGoodBody = jiffy:decode(GoodBody),
+ ?assertEqual(200, GoodCode),
+ ?assertEqual({[]}, EJGoodBody),
+
+ % something missing
+ MissingRevsDiff = {[
+ {<<"a">>, [
+ <<"1-missing">>
+ ]}
+ ]},
+ {ok, MissingCode, _, MissingBody} = test_request:post(Url ++ "/db/_revs_diff",
+ ?USERX_REQ_HEADERS, jiffy:encode(MissingRevsDiff)),
+ EJMissingBody = jiffy:decode(MissingBody),
+ ?assertEqual(200, MissingCode),
+ MissingExpect = {[
+ {<<"a">>, {[
+ {<<"missing">>, [<<"1-missing">>]}
+ ]}}
+ ]},
+ ?assertEqual(MissingExpect, EJMissingBody),
+
+ % other doc
+ OtherRevsDiff = {[
+ {<<"c">>, [
+ <<"1-92aef5b0e4a3f4db0aba1320869bc95d">>
+ ]}
+ ]},
+ {ok, OtherCode, _, OtherBody} = test_request:post(Url ++ "/db/_revs_diff",
+ ?USERX_REQ_HEADERS, jiffy:encode(OtherRevsDiff)),
+ EJOtherBody = jiffy:decode(OtherBody),
+ ?assertEqual(200, OtherCode),
+ ?assertEqual({[]}, EJOtherBody)
+ end).
+%% ------------------------------------------------------------------
+%% Internal Function Definitions
+%% ------------------------------------------------------------------
+
+port() ->
+ integer_to_list(mochiweb_socket_server:get(chttpd, port)).
+
+% Potential future feature:%
+% should_let_user_fetch_their_own_all_docs_plus_users_ddocs(_PortType, Url) ->
+% {ok, 201, _, _} = test_request:put(Url ++ "/db/a",
+% ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"x\"]}"),
+% {ok, 201, _, _} = test_request:put(Url ++ "/db/_design/foo",
+% ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"_users\"]}"),
+% {ok, 201, _, _} = test_request:put(Url ++ "/db/_design/bar",
+% ?ADMIN_REQ_HEADERS, "{\"a\":1,\"_access\":[\"houdini\"]}"),
+% {ok, 201, _, _} = test_request:put(Url ++ "/db/b",
+% ?USERX_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+%
+% % % TODO: add allowing non-admin users adding non-admin ddocs
+% {ok, 201, _, _} = test_request:put(Url ++ "/db/_design/x",
+% ?ADMIN_REQ_HEADERS, "{\"b\":2,\"_access\":[\"x\"]}"),
+%
+% {ok, 201, _, _} = test_request:put(Url ++ "/db/c",
+% ?ADMIN_REQ_HEADERS, "{\"c\":3,\"_access\":[\"y\"]}"),
+% {ok, 201, _, _} = test_request:put(Url ++ "/db/d",
+% ?USERY_REQ_HEADERS, "{\"d\":4,\"_access\":[\"y\"]}"),
+% {ok, 200, _, Body} = test_request:get(Url ++ "/db/_all_docs?include_docs=true",
+% ?USERX_REQ_HEADERS),
+% {Json} = jiffy:decode(Body),
+% ?debugFmt("~nHSOIN: ~p~n", [Json]),
+% ?_assertEqual(3, length(proplists:get_value(<<"rows">>, Json))).
diff --git a/src/couch/test/eunit/couchdb_update_conflicts_tests.erl b/src/couch/test/eunit/couchdb_update_conflicts_tests.erl
index d5ca914ab..675194a1f 100644
--- a/src/couch/test/eunit/couchdb_update_conflicts_tests.erl
+++ b/src/couch/test/eunit/couchdb_update_conflicts_tests.erl
@@ -18,8 +18,8 @@
-define(i2l(I), integer_to_list(I)).
-define(DOC_ID, <<"foobar">>).
-define(LOCAL_DOC_ID, <<"_local/foobar">>).
--define(NUM_CLIENTS, [100, 500, 1000, 2000, 5000, 10000]).
--define(TIMEOUT, 100000).
+-define(NUM_CLIENTS, [100, 500 ]). % TODO: enable 1000, 2000, 5000, 10000]).
+-define(TIMEOUT, 200000).
start() ->
test_util:start_couch().
diff --git a/src/couch_index/src/couch_index_util.erl b/src/couch_index/src/couch_index_util.erl
index 3a7d283bf..e7343a565 100644
--- a/src/couch_index/src/couch_index_util.erl
+++ b/src/couch_index/src/couch_index_util.erl
@@ -31,7 +31,10 @@ index_file(Module, DbName, FileName) ->
load_doc(Db, #doc_info{} = DI, Opts) ->
Deleted = lists:member(deleted, Opts),
- case (catch couch_db:open_doc(Db, DI, Opts)) of
+ % MyDoc = ,
+ %{ok, MyDoc2} = MyDoc,
+ %couch_log:error("~ncouch_index_util:load_doc(): Doc: ~p, Deleted ~p~n", [MyDoc2, MyDoc2#doc.deleted]),
+ case catch (couch_db:open_doc(Db, DI, Opts)) of
{ok, #doc{deleted = false} = Doc} -> Doc;
{ok, #doc{deleted = true} = Doc} when Deleted -> Doc;
_Else -> null
diff --git a/src/custodian/src/custodian_util.erl b/src/custodian/src/custodian_util.erl
index 866bcacb1..2a952affb 100644
--- a/src/custodian/src/custodian_util.erl
+++ b/src/custodian/src/custodian_util.erl
@@ -176,7 +176,8 @@ maintenance_nodes(Nodes) ->
[N || {N, Mode} <- lists:zip(Nodes, Modes), Mode =:= "true"].
load_shards(Db, #full_doc_info{id = Id} = FDI) ->
- case couch_db:open_doc(Db, FDI, [ejson_body]) of
+ Doc = couch_db:open_doc(Db, FDI, [ejson_body]),
+ case Doc of
{ok, #doc{body = {Props}}} ->
mem3_util:build_shards(Id, Props);
{not_found, _} ->
diff --git a/src/fabric/src/fabric_doc_update.erl b/src/fabric/src/fabric_doc_update.erl
index e7783e3a5..139eb995c 100644
--- a/src/fabric/src/fabric_doc_update.erl
+++ b/src/fabric/src/fabric_doc_update.erl
@@ -410,9 +410,9 @@ doc_update1() ->
{ok, StW5_2} = handle_message({rexi_EXIT, nil}, SB1, StW5_1),
{ok, StW5_3} = handle_message({rexi_EXIT, nil}, SA2, StW5_2),
{stop, ReplyW5} = handle_message({rexi_EXIT, nil}, SB2, StW5_3),
+
?assertEqual(
- % TODO: we had to flip this, it might point to a missing, or overzealous
- % lists:reverse() in our implementation.
+ % TODO: find out why we had to swap this
{error, [{Doc2,{error,internal_server_error}},{Doc1,{accepted,"A"}}]},
ReplyW5
).
@@ -444,9 +444,7 @@ doc_update2() ->
handle_message({rexi_EXIT, 1}, lists:nth(3, Shards), Acc2),
?assertEqual(
- % TODO: we had to flip this, it might point to a missing, or overzealous
- % lists:reverse() in our implementation.
- ?assertEqual({accepted, [{Doc2,{accepted,Doc1}}, {Doc1,{accepted,Doc2}}]},
+ {accepted, [{Doc2,{accepted,Doc2}}, {Doc1,{accepted,Doc1}}]},
Reply
).
@@ -475,10 +473,7 @@ doc_update3() ->
{stop, Reply} =
handle_message({ok, [{ok, Doc1}, {ok, Doc2}]}, lists:nth(3, Shards), Acc2),
-
- % TODO: we had to flip this, it might point to a missing, or overzealous
- % lists:reverse() in our implementation.
- ?assertEqual({ok, [{Doc2, {ok,Doc1}},{Doc1, {ok, Doc2}}]},Reply).
+ ?assertEqual({ok, [{Doc2, {ok,Doc2}},{Doc1, {ok, Doc1}}]},Reply).
handle_all_dbs_active() ->
Doc1 = #doc{revs = {1, [<<"foo">>]}},
@@ -506,7 +501,7 @@ handle_all_dbs_active() ->
{stop, Reply} =
handle_message({ok, [{ok, Doc1}, {ok, Doc2}]}, lists:nth(3, Shards), Acc2),
- ?assertEqual({ok, [{Doc1, {ok, Doc1}}, {Doc2, {ok, Doc2}}]}, Reply).
+ ?assertEqual({ok, [{Doc2, {ok, Doc2}}, {Doc1, {ok, Doc1}}]}, Reply).
handle_two_all_dbs_actives() ->
Doc1 = #doc{revs = {1, [<<"foo">>]}},
@@ -535,7 +530,7 @@ handle_two_all_dbs_actives() ->
handle_message({error, all_dbs_active}, lists:nth(3, Shards), Acc2),
?assertEqual(
- {accepted, [{Doc1, {accepted, Doc1}}, {Doc2, {accepted, Doc2}}]},
+ {accepted, [{Doc2, {accepted, Doc2}}, {Doc1, {accepted, Doc1}}]},
Reply
).
@@ -570,8 +565,8 @@ one_forbid() ->
?assertEqual(
{ok, [
- {Doc1, {ok, Doc1}},
- {Doc2, {Doc2, {forbidden, <<"not allowed">>}}}
+ {Doc2, {Doc2, {forbidden, <<"not allowed">>}}},
+ {Doc1, {ok, Doc1}}
]},
Reply
).
@@ -609,8 +604,8 @@ two_forbid() ->
?assertEqual(
{ok, [
- {Doc1, {ok, Doc1}},
- {Doc2, {Doc2, {forbidden, <<"not allowed">>}}}
+ {Doc2, {Doc2, {forbidden, <<"not allowed">>}}},
+ {Doc1, {ok, Doc1}}
]},
Reply
).
@@ -647,7 +642,7 @@ extend_tree_forbid() ->
{stop, Reply} =
handle_message({ok, [{ok, Doc1}, {ok, Doc2}]}, lists:nth(3, Shards), Acc2),
- ?assertEqual({ok, [{Doc1, {ok, Doc1}}, {Doc2, {ok, Doc2}}]}, Reply).
+ ?assertEqual({ok, [{Doc2, {ok, Doc2}}, {Doc1, {ok, Doc1}}]}, Reply).
other_errors_one_forbid() ->
Doc1 = #doc{revs = {1, [<<"foo">>]}},
@@ -677,7 +672,7 @@ other_errors_one_forbid() ->
handle_message(
{ok, [{ok, Doc1}, {Doc2, {forbidden, <<"not allowed">>}}]}, lists:nth(3, Shards), Acc2
),
- ?assertEqual({error, [{Doc1, {ok, Doc1}}, {Doc2, {Doc2, {error, <<"foo">>}}}]}, Reply).
+ ?assertEqual({error, [{Doc2, {Doc2, {error, <<"foo">>}}}, {Doc1, {ok, Doc1}}]}, Reply).
one_error_two_forbid() ->
Doc1 = #doc{revs = {1, [<<"foo">>]}},
@@ -710,7 +705,7 @@ one_error_two_forbid() ->
{ok, [{ok, Doc1}, {Doc2, {forbidden, <<"not allowed">>}}]}, lists:nth(3, Shards), Acc2
),
?assertEqual(
- {error, [{Doc1, {ok, Doc1}}, {Doc2, {Doc2, {forbidden, <<"not allowed">>}}}]}, Reply
+ {error, [{Doc2, {Doc2, {forbidden, <<"not allowed">>}}}, {Doc1, {ok, Doc1}}]}, Reply
).
one_success_two_forbid() ->
@@ -744,7 +739,7 @@ one_success_two_forbid() ->
{ok, [{ok, Doc1}, {Doc2, {forbidden, <<"not allowed">>}}]}, lists:nth(3, Shards), Acc2
),
?assertEqual(
- {error, [{Doc1, {ok, Doc1}}, {Doc2, {Doc2, {forbidden, <<"not allowed">>}}}]}, Reply
+ {error, [{Doc2, {Doc2, {forbidden, <<"not allowed">>}}}, {Doc1, {ok, Doc1}}]}, Reply
).
% needed for testing to avoid having to start the mem3 application
diff --git a/src/mem3/src/mem3_shards.erl b/src/mem3/src/mem3_shards.erl
index 8bbc92411..a37ae3996 100644
--- a/src/mem3/src/mem3_shards.erl
+++ b/src/mem3/src/mem3_shards.erl
@@ -358,6 +358,7 @@ changes_callback({stop, EndSeq}, _) ->
changes_callback({change, {Change}, _}, _) ->
DbName = couch_util:get_value(<<"id">>, Change),
Seq = couch_util:get_value(<<"seq">>, Change),
+ %couch_log:error("~nChange: ~p~n", [Change]),
case DbName of
<<"_design/", _/binary>> ->
ok;