couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jch...@apache.org
Subject svn commit: r906138 - in /couchdb/trunk: share/www/script/test/reader_acl.js src/couchdb/couch_db.erl
Date Wed, 03 Feb 2010 17:29:41 GMT
Author: jchris
Date: Wed Feb  3 17:29:41 2010
New Revision: 906138

URL: http://svn.apache.org/viewvc?rev=906138&view=rev
Log:
enhance reader and admin lists

Modified:
    couchdb/trunk/share/www/script/test/reader_acl.js
    couchdb/trunk/src/couchdb/couch_db.erl

Modified: couchdb/trunk/share/www/script/test/reader_acl.js
URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/reader_acl.js?rev=906138&r1=906137&r2=906138&view=diff
==============================================================================
--- couchdb/trunk/share/www/script/test/reader_acl.js (original)
+++ couchdb/trunk/share/www/script/test/reader_acl.js Wed Feb  3 17:29:41 2010
@@ -50,6 +50,21 @@
       }
 
       CouchDB.logout();
+      
+      // make top-secret an admin
+      T(secretDb.setDbProperty("_admins", {
+        roles : ["top-secret"],
+        names : []}).ok);
+
+      T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+
+      T(secretDb.open("baz").foo == "bar");
+
+      CouchDB.logout();
+
+      T(secretDb.setDbProperty("_admins", {
+        roles : [],
+        names : []}).ok);
 
       // admin now adds the top-secret role to the db's readers
       T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1);
@@ -67,18 +82,26 @@
 
       // can't set non string reader names or roles
       try {
-        T(!secretDb.setDbProperty("_readers", {
+        secretDb.setDbProperty("_readers", {
           roles : ["super-secret-club", {"top-secret":"awesome"}],
-          names : ["joe","barb"]}).ok);      
+          names : ["joe","barb"]});
         T(false && "only string roles");
       } catch (e) {}
 
       try {
-      T(!secretDb.setDbProperty("_readers", {
-        roles : ["super-secret-club", "top-secret"],
-        names : ["joe",22]}).ok);
+        secretDb.setDbProperty("_readers", {
+          roles : ["super-secret-club", "top-secret"],
+          names : ["joe",22]});
         T(false && "only string names");
-        } catch (e) {}
+      } catch (e) {}
+      
+      try {
+        secretDb.setDbProperty("_readers", {
+          roles : ["super-secret-club", "top-secret"],
+          names : "joe"
+        });
+        T(false && "only lists of names");
+      } catch (e) {}
     } finally {
       CouchDB.logout();
     }

Modified: couchdb/trunk/src/couchdb/couch_db.erl
URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_db.erl?rev=906138&r1=906137&r2=906138&view=diff
==============================================================================
--- couchdb/trunk/src/couchdb/couch_db.erl (original)
+++ couchdb/trunk/src/couchdb/couch_db.erl Wed Feb  3 17:29:41 2010
@@ -247,26 +247,28 @@
     end.
 
 check_is_reader(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) ->
-    % admins are not readers. this is for good reason. 
-    % we don't want to confuse setting admins with making private dbs
-    {Readers} = get_readers(Db),
-    ReaderRoles = proplists:get_value(roles, Readers,[]),
-    WithAdminRoles = [<<"_admin">> | ReaderRoles],
-    ReaderNames = proplists:get_value(names, Readers,[]),
-    case ReaderRoles ++ ReaderNames of 
-    [] -> ok; % no readers == public access
-    _Else ->
-        case WithAdminRoles -- Roles of
-        WithAdminRoles -> % same list, not an reader role
-            case ReaderNames -- [Name] of
-            ReaderNames -> % same names, not a reader
-                ?LOG_DEBUG("Not a reader: UserCtx ~p vs Names ~p Roles ~p",[UserCtx, ReaderNames,
WithAdminRoles]),
-                throw({unauthorized, <<"You are not authorized to access this db.">>});
+    case (catch check_is_admin(Db)) of
+    ok -> ok;
+    _ ->
+        {Readers} = get_readers(Db),
+        ReaderRoles = proplists:get_value(roles, Readers,[]),
+        WithAdminRoles = [<<"_admin">> | ReaderRoles],
+        ReaderNames = proplists:get_value(names, Readers,[]),
+        case ReaderRoles ++ ReaderNames of 
+        [] -> ok; % no readers == public access
+        _Else ->
+            case WithAdminRoles -- Roles of
+            WithAdminRoles -> % same list, not an reader role
+                case ReaderNames -- [Name] of
+                ReaderNames -> % same names, not a reader
+                    ?LOG_DEBUG("Not a reader: UserCtx ~p vs Names ~p Roles ~p",[UserCtx,
ReaderNames, WithAdminRoles]),
+                    throw({unauthorized, <<"You are not authorized to access this db.">>});
+                _ ->
+                    ok
+                end;
             _ ->
                 ok
-            end;
-        _ ->
-            ok
+            end
         end
     end.
 
@@ -311,17 +313,17 @@
 
 % validate user input and convert proplist to atom keys
 just_names_and_roles({Props}) when is_list(Props) ->
-    Names = case proplists:get_value(<<"names">>,Props) of
+    Names = case proplists:get_value(<<"names">>,Props,[]) of
     Ns when is_list(Ns) ->
             [throw("names must be a JSON list of strings") ||N <- Ns, not is_binary(N)],
             Ns;
-    _ -> []
+    _ -> throw("names must be a JSON list of strings")
     end,
-    Roles = case proplists:get_value(<<"roles">>,Props) of
+    Roles = case proplists:get_value(<<"roles">>,Props,[]) of
     Rs when is_list(Rs) ->
         [throw("roles must be a JSON list of strings") ||R <- Rs, not is_binary(R)],
         Rs;
-    _ -> []
+    _ -> throw("roles must be a JSON list of strings")
     end,
     {[
         {names, Names},



Mime
View raw message