couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fdman...@apache.org
Subject svn commit: r1035986 - in /couchdb/trunk: share/www/script/test/replicator_db.js src/couchdb/couch_js_functions.hrl src/couchdb/couch_rep.erl
Date Wed, 17 Nov 2010 11:41:45 GMT
Author: fdmanana
Date: Wed Nov 17 11:41:44 2010
New Revision: 1035986

URL: http://svn.apache.org/viewvc?rev=1035986&view=rev
Log:
Replicator DB: removed some restrictions from the default document update validation function
and added some logging.

1) Now it's easier to replicate to the replicator DB and by default it's writable by any user
   (just like any user can POST to /_replicate/);

2) The logging in the document validation function allows us to see in the log, after a replication,
   why a document was not written to the target replicator DB.


Modified:
    couchdb/trunk/share/www/script/test/replicator_db.js
    couchdb/trunk/src/couchdb/couch_js_functions.hrl
    couchdb/trunk/src/couchdb/couch_rep.erl

Modified: couchdb/trunk/share/www/script/test/replicator_db.js
URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/replicator_db.js?rev=1035986&r1=1035985&r2=1035986&view=diff
==============================================================================
--- couchdb/trunk/share/www/script/test/replicator_db.js (original)
+++ couchdb/trunk/share/www/script/test/replicator_db.js Wed Nov 17 11:41:44 2010
@@ -470,64 +470,6 @@ couchTests.replicator_db = function(debu
   }
 
 
-  function rep_db_write_authorization() {
-    populate_db(dbA, docs1);
-    populate_db(dbB, []);
-
-    var server_admins_config = [
-      {
-        section: "admins",
-        key: "fdmanana",
-        value: "qwerty"
-      }
-    ];
-
-    run_on_modified_server(server_admins_config, function() {
-      var repDoc = {
-        _id: "foo_rep_doc",
-        source: dbA.name,
-        target: dbB.name
-      };
-
-      try {
-        repDb.save(repDoc);
-        T(false && "Should have thrown an exception");
-      } catch (x) {
-        T(x["error"] === "forbidden");
-      }
-
-      T(CouchDB.login("fdmanana", "qwerty").ok);
-      T(CouchDB.session().userCtx.name === "fdmanana");
-      T(CouchDB.session().userCtx.roles.indexOf("_admin") !== -1);
-
-      T(repDb.save(repDoc).ok);
-
-      waitForRep(repDb, repDoc, "completed");
-      for (var i = 0; i < docs1.length; i++) {
-        var doc = docs1[i];
-        var copy = dbB.open(doc._id);
-        T(copy !== null);
-        T(copy.value === doc.value);
-      }
-
-      repDoc = repDb.open("foo_rep_doc");
-      T(repDoc !== null);
-
-      repDoc.target = "test_suite_foo_db";
-      repDoc.create_target = true;
-
-      // Only the replicator can update replication documents.
-      // Admins can only add and delete replication documents.
-      try {
-        repDb.save(repDoc);
-        T(false && "Should have thrown an exception");
-      } catch (x) {
-        T(x["error"] === "forbidden");
-      }
-    });
-  }
-
-
   function test_replication_credentials_delegation() {
     populate_db(usersDb, []);
 
@@ -745,10 +687,6 @@ couchTests.replicator_db = function(debu
   restartServer();
   run_on_modified_server(server_config, identical_continuous_rep_docs);
 
-  repDb.deleteDb();
-  restartServer();
-  run_on_modified_server(server_config, rep_db_write_authorization);
-
   var server_config_2 = server_config.concat([
     {
       section: "couch_httpd_auth",

Modified: couchdb/trunk/src/couchdb/couch_js_functions.hrl
URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_js_functions.hrl?rev=1035986&r1=1035985&r2=1035986&view=diff
==============================================================================
--- couchdb/trunk/src/couchdb/couch_js_functions.hrl (original)
+++ couchdb/trunk/src/couchdb/couch_js_functions.hrl Wed Nov 17 11:41:44 2010
@@ -99,55 +99,32 @@
 
 -define(REP_DB_DOC_VALIDATE_FUN, <<"
     function(newDoc, oldDoc, userCtx) {
-        var isAdmin = (userCtx.roles.indexOf('_admin') >= 0);
-        var isReplicator = (userCtx.roles.indexOf('_replicator') >= 0);
-
-        if (oldDoc && !newDoc._deleted && !isReplicator) {
-            throw({forbidden:
-                'Only the replicator can edit replication documents. ' +
-                'Admins can only add and delete replication documents.'
-            });
-        } else if (!isAdmin) {
-            throw({forbidden:
-                'Only admins may add/delete replication documents.'
-            });
-        }
-
-        if (!oldDoc && newDoc.state) {
-            throw({forbidden:
-                'The state field can only be set by the replicator.'
-            });
-        }
+        if (newDoc.user_ctx) {
 
-        if (!oldDoc && newDoc.replication_id) {
-            throw({forbidden:
-                'The replication_id field can only be set by the replicator.'
-            });
-        }
+            function reportError(error_msg) {
+                log('Error writing document ' + newDoc._id +
+                    ' to replicator DB: ' + error_msg);
+                throw({forbidden: error_msg});
+            }
 
-        if (newDoc.user_ctx) {
             var user_ctx = newDoc.user_ctx;
 
             if (typeof user_ctx !== 'object') {
-                throw({forbidden: 'The user_ctx property must be an object.'});
+                reportError('The user_ctx property must be an object.');
             }
 
             if (!(user_ctx.name === null ||
                     (typeof user_ctx.name === 'undefined') ||
                     ((typeof user_ctx.name === 'string') &&
                         user_ctx.name.length > 0))) {
-                throw({forbidden:
-                    'The name property of the user_ctx must be a ' +
-                    'non-empty string.'
-                });
+                reportError('The name property of the user_ctx must be a ' +
+                    'non-empty string.');
             }
 
             if ((typeof user_ctx.roles !== 'undefined') &&
                     (typeof user_ctx.roles.length !== 'number')) {
-                throw({forbidden:
-                    'The roles property of the user_ctx must be ' +
-                    'an array of strings.'
-                });
+                reportError('The roles property of the user_ctx must be ' +
+                    'an array of strings.');
             }
 
             if (user_ctx.roles) {
@@ -155,13 +132,11 @@
                     var role = user_ctx.roles[i];
 
                     if (typeof role !== 'string' || role.length === 0) {
-                        throw({forbidden: 'Roles must be non-empty strings.'});
+                        reportError('Each role must be a non-empty string.');
                     }
                     if (role[0] === '_') {
-                        throw({forbidden:
-                            'System roles (starting with underscore) ' +
-                            'are not allowed.'
-                        });
+                        reportError('System roles (starting with underscore) ' +
+                            'are not allowed.');
                     }
                 }
             }

Modified: couchdb/trunk/src/couchdb/couch_rep.erl
URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_rep.erl?rev=1035986&r1=1035985&r2=1035986&view=diff
==============================================================================
--- couchdb/trunk/src/couchdb/couch_rep.erl (original)
+++ couchdb/trunk/src/couchdb/couch_rep.erl Wed Nov 17 11:41:44 2010
@@ -862,7 +862,7 @@ maybe_set_triggered({RepProps} = RepDoc,
 ensure_rep_db_exists() ->
     DbName = ?l2b(couch_config:get("replicator", "db", "_replicator")),
     Opts = [
-        {user_ctx, #user_ctx{roles=[<<"_admin">>, <<"_replicator">>]}},
+        {user_ctx, #user_ctx{roles=[<<"_admin">>]}},
         sys_db
     ],
     case couch_db:open(DbName, Opts) of



Mime
View raw message