Return-Path: Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: (qmail 49742 invoked from network); 17 Nov 2010 11:42:35 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 17 Nov 2010 11:42:35 -0000 Received: (qmail 73472 invoked by uid 500); 17 Nov 2010 11:43:06 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 73350 invoked by uid 500); 17 Nov 2010 11:43:04 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 73343 invoked by uid 99); 17 Nov 2010 11:43:03 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Nov 2010 11:43:03 +0000 X-ASF-Spam-Status: No, hits=-1996.4 required=10.0 tests=ALL_TRUSTED,FS_REPLICA X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Nov 2010 11:43:00 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 5A1DF23889E0; Wed, 17 Nov 2010 11:41:45 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1035986 - in /couchdb/trunk: share/www/script/test/replicator_db.js src/couchdb/couch_js_functions.hrl src/couchdb/couch_rep.erl Date: Wed, 17 Nov 2010 11:41:45 -0000 To: commits@couchdb.apache.org 
From: fdmanana@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101117114145.5A1DF23889E0@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: fdmanana Date: Wed Nov 17 11:41:44 2010 New Revision: 1035986 URL: http://svn.apache.org/viewvc?rev=1035986&view=rev Log: Replicator DB: removed some restrictions from the default document update validation function and added some logging. 1) Now it's easier to replicate to the replicator DB and by default it's writable by any user (just like any user can POST to /_replicate/); 2) The logging in the document validation function allows us to see in the log, after a replication, why a document was not written to the target replicator DB. Modified: couchdb/trunk/share/www/script/test/replicator_db.js couchdb/trunk/src/couchdb/couch_js_functions.hrl couchdb/trunk/src/couchdb/couch_rep.erl Modified: couchdb/trunk/share/www/script/test/replicator_db.js URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/replicator_db.js?rev=1035986&r1=1035985&r2=1035986&view=diff ============================================================================== --- couchdb/trunk/share/www/script/test/replicator_db.js (original) +++ couchdb/trunk/share/www/script/test/replicator_db.js Wed Nov 17 11:41:44 2010 
@@ -470,64 +470,6 @@ couchTests.replicator_db = function(debu } - function rep_db_write_authorization() { - populate_db(dbA, docs1); - populate_db(dbB, []); - - var server_admins_config = [ - { - section: "admins", - key: "fdmanana", - value: "qwerty" - } - ]; - - run_on_modified_server(server_admins_config, function() { - var repDoc = { - _id: "foo_rep_doc", - source: dbA.name, - target: dbB.name - }; - - try { - repDb.save(repDoc); - T(false && "Should have thrown an exception"); - } catch (x) { - T(x["error"] === "forbidden"); - } - - T(CouchDB.login("fdmanana", "qwerty").ok); - T(CouchDB.session().userCtx.name === "fdmanana"); - T(CouchDB.session().userCtx.roles.indexOf("_admin") !== -1); - - T(repDb.save(repDoc).ok); - - waitForRep(repDb, repDoc, "completed"); - for (var i = 0; i < docs1.length; i++) { - var doc = docs1[i]; - var copy = dbB.open(doc._id); - T(copy !== null); - T(copy.value === doc.value); - } - - repDoc = repDb.open("foo_rep_doc"); - T(repDoc !== null); - - repDoc.target = "test_suite_foo_db"; - repDoc.create_target = true; - - // Only the replicator can update replication documents. - // Admins can only add and delete replication documents. - try { - repDb.save(repDoc); - T(false && "Should have thrown an exception"); - } catch (x) { - T(x["error"] === "forbidden"); - } - }); - } - - function test_replication_credentials_delegation() { populate_db(usersDb, []); 
@@ -745,10 +687,6 @@ couchTests.replicator_db = function(debu restartServer(); run_on_modified_server(server_config, identical_continuous_rep_docs); - repDb.deleteDb(); - restartServer(); - run_on_modified_server(server_config, rep_db_write_authorization); - var server_config_2 = server_config.concat([ { section: "couch_httpd_auth", Modified: couchdb/trunk/src/couchdb/couch_js_functions.hrl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_js_functions.hrl?rev=1035986&r1=1035985&r2=1035986&view=diff ============================================================================== --- couchdb/trunk/src/couchdb/couch_js_functions.hrl (original) +++ couchdb/trunk/src/couchdb/couch_js_functions.hrl Wed Nov 17 11:41:44 2010 
@@ -99,55 +99,32 @@ -define(REP_DB_DOC_VALIDATE_FUN, <<" function(newDoc, oldDoc, userCtx) { - var isAdmin = (userCtx.roles.indexOf('_admin') >= 0); - var isReplicator = (userCtx.roles.indexOf('_replicator') >= 0); - - if (oldDoc && !newDoc._deleted && !isReplicator) { - throw({forbidden: - 'Only the replicator can edit replication documents. ' + - 'Admins can only add and delete replication documents.' - }); - } else if (!isAdmin) { - throw({forbidden: - 'Only admins may add/delete replication documents.' - }); - } - - if (!oldDoc && newDoc.state) { - throw({forbidden: - 'The state field can only be set by the replicator.' - }); - } + if (newDoc.user_ctx) { - if (!oldDoc && newDoc.replication_id) { - throw({forbidden: - 'The replication_id field can only be set by the replicator.' - }); - } + function reportError(error_msg) { + log('Error writing document ' + newDoc._id + + ' to replicator DB: ' + error_msg); + throw({forbidden: error_msg}); + } - if (newDoc.user_ctx) { var user_ctx = newDoc.user_ctx; if (typeof user_ctx !== 'object') { - throw({forbidden: 'The user_ctx property must be an object.'}); + reportError('The user_ctx property must be an object.'); } if (!(user_ctx.name === null || (typeof user_ctx.name === 'undefined') || ((typeof user_ctx.name === 'string') && user_ctx.name.length > 0))) { - throw({forbidden: - 'The name property of the user_ctx must be a ' + - 'non-empty string.' - }); + reportError('The name property of the user_ctx must be a ' + + 'non-empty string.'); } if ((typeof user_ctx.roles !== 'undefined') && (typeof user_ctx.roles.length !== 'number')) { - throw({forbidden: - 'The roles property of the user_ctx must be ' + - 'an array of strings.' - }); + reportError('The roles property of the user_ctx must be ' + + 'an array of strings.'); } if (user_ctx.roles) { 
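Review bot: Nothing in the new body compares the document's `user_ctx` with the writer's `userCtx`, so with the `_admin`/`_replicator` gate removed any writer can store a replication document whose `user_ctx.name` is another user's name or whose `roles` lists roles the writer does not hold; only underscore-prefixed roles are rejected. If the replicator runs the job under the document's `user_ctx` (not visible in this hunk), that is a privilege-delegation gap. A guard inside the `if (newDoc.user_ctx)` block such as `if (userCtx.roles.indexOf('_admin') < 0 && user_ctx.name !== userCtx.name) { reportError('user_ctx.name must match the writing user.'); }` would close it, together with a matching check that each entry of `user_ctx.roles` also appears in `userCtx.roles`. The removed `state` and `replication_id` checks likewise let a new document arrive with those fields preset, which deserves a comment saying how the replicator treats such values. The validation function continues past the end of this hunk.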
@@ -155,13 +132,11 @@ var role = user_ctx.roles[i]; if (typeof role !== 'string' || role.length === 0) { - throw({forbidden: 'Roles must be non-empty strings.'}); + reportError('Each role must be a non-empty string.'); } if (role[0] === '_') { - throw({forbidden: - 'System roles (starting with underscore) ' + - 'are not allowed.' - }); + reportError('System roles (starting with underscore) ' + + 'are not allowed.'); } } } Modified: couchdb/trunk/src/couchdb/couch_rep.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_rep.erl?rev=1035986&r1=1035985&r2=1035986&view=diff ============================================================================== --- couchdb/trunk/src/couchdb/couch_rep.erl (original) +++ couchdb/trunk/src/couchdb/couch_rep.erl Wed Nov 17 11:41:44 2010 @@ -862,7 +862,7 @@ maybe_set_triggered({RepProps} = RepDoc, ensure_rep_db_exists() -> DbName = ?l2b(couch_config:get("replicator", "db", "_replicator")), Opts = [ - {user_ctx, #user_ctx{roles=[<<"_admin">>, <<"_replicator">>]}}, + {user_ctx, #user_ctx{roles=[<<"_admin">>]}}, sys_db ], case couch_db:open(DbName, Opts) of
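Review bot: A replicator database created before this revision may still hold the earlier validation function, which rejects edits to an existing document unless the writer carries `_replicator`; after the change to `#user_ctx{roles=[<<"_admin">>]}` in `ensure_rep_db_exists` that role is no longer supplied here. Whether the stored function is refreshed when the database already exists is not visible, since the `case couch_db:open(DbName, Opts) of` body continues outside the hunk, so this is worth confirming. If it is not refreshed, replication documents in older databases could fail to update, and a comment such as `%% _replicator role dropped in r1035986; existing rep DBs need their validation ddoc refreshed` would record the migration step.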