Return-Path: Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: (qmail 81185 invoked from network); 27 Nov 2010 04:43:00 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 27 Nov 2010 04:43:00 -0000 Received: (qmail 32221 invoked by uid 500); 27 Nov 2010 04:43:00 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 32096 invoked by uid 500); 27 Nov 2010 04:42:57 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 32089 invoked by uid 99); 27 Nov 2010 04:42:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 27 Nov 2010 04:42:57 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED,FILL_THIS_FORM X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 27 Nov 2010 04:42:53 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id C86682388A32; Sat, 27 Nov 2010 04:41:20 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1039619 - in /couchdb/trunk: share/www/dialog/ share/www/script/ share/www/script/test/ share/www/spec/ src/couchdb/ Date: Sat, 27 Nov 2010 04:41:20 -0000 To: commits@couchdb.apache.org From: jchris@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101127044120.C86682388A32@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: jchris Date: Sat Nov 27 04:41:20 2010 New Revision: 1039619 URL: http://svn.apache.org/viewvc?rev=1039619&view=rev Log: rename "readers" to "members" in _security object, keep backwards compatibility with old security objects" Modified: couchdb/trunk/share/www/dialog/_database_security.html couchdb/trunk/share/www/script/futon.browse.js couchdb/trunk/share/www/script/test/reader_acl.js couchdb/trunk/share/www/script/test/replication.js couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js couchdb/trunk/src/couchdb/couch_db.erl Modified: couchdb/trunk/share/www/dialog/_database_security.html URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/dialog/_database_security.html?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/share/www/dialog/_database_security.html (original) +++ couchdb/trunk/share/www/dialog/_database_security.html Sat Nov 27 04:41:20 2010 @@ -16,12 +16,12 @@ specific language governing permissions

Security

- Each database contains lists of admins and readers. - Admins and readers are each defined by names and roles, which are lists of strings. + Each database contains lists of admins and members. + Admins and members are each defined by names and roles, which are lists of strings.

Admins

-

Database admins can update design documents and edit the readers list.

+

Database admins can update design documents and edit the admin and member lists.

@@ -31,14 +31,14 @@ specific language governing permissions
-

Readers

-

Database readers can access the database. If no readers are defined, the database is public.

+

Members

+

Database members can access the database. If no members are defined, the database is public.

- + - +
Modified: couchdb/trunk/share/www/script/futon.browse.js URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/futon.browse.js?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/share/www/script/futon.browse.js [utf-8] (original) +++ couchdb/trunk/share/www/script/futon.browse.js [utf-8] Sat Nov 27 04:41:20 2010 @@ -189,26 +189,34 @@ } this.databaseSecurity = function() { + function namesAndRoles(r, key) { + var names = []; + var roles = []; + if (r && typeof r[key + "s"] === "object") { + if ($.isArray(r[key + "s"]["names"])) { + names = r[key + "s"]["names"]; + } + if ($.isArray(r[key + "s"]["roles"])) { + roles = r[key + "s"]["roles"]; + } + } + return {names : names, roles: roles}; + }; + $.showDialog("dialog/_database_security.html", { load : function(d) { db.getDbProperty("_security", { success: function(r) { - ["admin", "reader"].forEach(function(key) { - var names = []; - var roles = []; - - if (r && typeof r[key + "s"] === "object") { - if ($.isArray(r[key + "s"]["names"])) { - names = r[key + "s"]["names"]; - } - if ($.isArray(r[key + "s"]["roles"])) { - roles = r[key + "s"]["roles"]; - } - } - - $("input[name=" + key + "_names]", d).val(JSON.stringify(names)); - $("input[name=" + key + "_roles]", d).val(JSON.stringify(roles)); - }); + var admins = namesAndRoles(r, "admin") + , members = namesAndRoles(r, "member"); + if (members.names.length + members.roles.length == 0) { + // backwards compatibility with readers for 1.x + members = namesAndRoles(r, "reader"); + } + $("input[name=admin_names]", d).val(JSON.stringify(admins.names)); + $("input[name=admin_roles]", d).val(JSON.stringify(admins.roles)); + $("input[name=member_names]", d).val(JSON.stringify(members.names)); + $("input[name=member_roles]", d).val(JSON.stringify(members.roles)); } }); }, @@ -220,13 +228,13 @@ names: [], roles: [] }, - readers: { + members: { names: [], roles: [] } }; - ["admin", "reader"].forEach(function(key) { + ["admin", "member"].forEach(function(key) { var names, roles; try { Modified: couchdb/trunk/share/www/script/test/reader_acl.js URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/reader_acl.js?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/share/www/script/test/reader_acl.js (original) +++ couchdb/trunk/share/www/script/test/reader_acl.js Sat Nov 27 04:41:20 2010 @@ -37,7 +37,7 @@ couchTests.reader_acl = function(debug) T(secretDb.open("baz").foo == "bar"); T(secretDb.setSecObj({ - "readers" : { + "members" : { roles : ["super-secret-club"], names : ["joe","barb"] } @@ -64,13 +64,13 @@ couchTests.reader_acl = function(debug) CouchDB.logout(); // make anyone with the top-secret role an admin - // db admins are automatically readers + // db admins are automatically members T(secretDb.setSecObj({ "admins" : { roles : ["top-secret"], names : [] }, - "readers" : { + "members" : { roles : ["super-secret-club"], names : ["joe","barb"] } @@ -90,14 +90,14 @@ couchTests.reader_acl = function(debug) CouchDB.logout(); T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1); - // admin now adds the top-secret role to the db's readers + // admin now adds the top-secret role to the db's members // and removes db-admins T(secretDb.setSecObj({ "admins" : { roles : [], names : [] }, - "readers" : { + "members" : { roles : ["super-secret-club", "top-secret"], names : ["joe","barb"] } @@ -124,10 +124,10 @@ couchTests.reader_acl = function(debug) T(CouchDB.login("jchris@apache.org", "funnybone").ok); T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1); T(secretDb.open("baz").foo == "bar"); - // readers can query stored views + // members can query stored views T(secretDb.view("foo/bar").total_rows == 1); - // readers can't do temp views + // members can't do temp views try { var results = secretDb.query(function(doc) { emit(null, null); @@ -137,13 +137,28 @@ couchTests.reader_acl = function(debug) T(true && "temp view is admin only"); } - CouchDB.logout(); + // works with readers (backwards compat with 1.0) + T(secretDb.setSecObj({ + "admins" : { + roles : [], + names : [] + }, + "readers" : { + roles : ["super-secret-club", "top-secret"], + names : ["joe","barb"] + } + }).ok); + + T(CouchDB.login("jchris@apache.org", "funnybone").ok); + T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1); + T(secretDb.open("baz").foo == "bar"); + // can't set non string reader names or roles try { secretDb.setSecObj({ - "readers" : { + "members" : { roles : ["super-secret-club", {"top-secret":"awesome"}], names : ["joe","barb"] } @@ -153,7 +168,7 @@ couchTests.reader_acl = function(debug) try { secretDb.setSecObj({ - "readers" : { + "members" : { roles : ["super-secret-club", {"top-secret":"awesome"}], names : ["joe",22] } @@ -163,7 +178,7 @@ couchTests.reader_acl = function(debug) try { secretDb.setSecObj({ - "readers" : { + "members" : { roles : ["super-secret-club", {"top-secret":"awesome"}], names : "joe" } Modified: couchdb/trunk/share/www/script/test/replication.js URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/replication.js?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/share/www/script/test/replication.js (original) +++ couchdb/trunk/share/www/script/test/replication.js Sat Nov 27 04:41:20 2010 @@ -623,7 +623,7 @@ couchTests.replication = function(debug) names: [], roles: ["admin"] }, - readers: { + members: { names: [], roles: ["reader"] } @@ -687,7 +687,7 @@ couchTests.replication = function(debug) names: [], roles: ["bar"] }, - readers: { + members: { names: [], roles: ["foo"] } Modified: couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js (original) +++ couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js Sat Nov 27 04:41:20 2010 @@ -184,15 +184,15 @@ describe 'CouchDB instance' describe '.setSecObj' it 'should return ok true' - db.setSecObj({"readers":{"names":["laura"],"roles":["president"]}}).ok.should.be_true + db.setSecObj({"members":{"names":["laura"],"roles":["president"]}}).ok.should.be_true end it 'should save a well formed object into the _security object ' - db.should.receive("request", "once").with_args("PUT", "/spec_db/_security", {body: '{"readers":{"names":["laura"],"roles":["president"]}}'}) - db.setSecObj({"readers": {"names" : ["laura"], "roles" : ["president"]}}) + db.should.receive("request", "once").with_args("PUT", "/spec_db/_security", {body: '{"members":{"names":["laura"],"roles":["president"]}}'}) + db.setSecObj({"members": {"names" : ["laura"], "roles" : ["president"]}}) end - it 'should throw an error when the readers or admins object is malformed' + it 'should throw an error when the members or admins object is malformed' -{ db.setSecObj({"admins":["cylon"]}) }.should.throw_error end Modified: couchdb/trunk/src/couchdb/couch_db.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_db.erl?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/src/couchdb/couch_db.erl (original) +++ couchdb/trunk/src/couchdb/couch_db.erl Sat Nov 27 04:41:20 2010 @@ -26,7 +26,7 @@ -export([set_security/2,get_security/1]). -export([init/1,terminate/2,handle_call/3,handle_cast/2,code_change/3,handle_info/2]). -export([changes_since/5,changes_since/6,read_doc/2,new_revid/1]). --export([check_is_admin/1, check_is_reader/1]). +-export([check_is_admin/1, check_is_member/1]). -export([reopen/1]). -include("couch_db.hrl"). @@ -77,7 +77,7 @@ open(DbName, Options) -> case couch_server:open(DbName, Options) of {ok, Db} -> try - check_is_reader(Db), + check_is_member(Db), {ok, Db} catch throw:Error -> @@ -297,14 +297,14 @@ check_is_admin(#db{user_ctx=#user_ctx{na ok end. -check_is_reader(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) -> +check_is_member(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) -> case (catch check_is_admin(Db)) of ok -> ok; _ -> - {Readers} = get_readers(Db), - ReaderRoles = couch_util:get_value(<<"roles">>, Readers,[]), + {Members} = get_members(Db), + ReaderRoles = couch_util:get_value(<<"roles">>, Members,[]), WithAdminRoles = [<<"_admin">> | ReaderRoles], - ReaderNames = couch_util:get_value(<<"names">>, Readers,[]), + ReaderNames = couch_util:get_value(<<"names">>, Members,[]), case ReaderRoles ++ ReaderNames of [] -> ok; % no readers == public access _Else -> @@ -326,8 +326,10 @@ check_is_reader(#db{user_ctx=#user_ctx{n get_admins(#db{security=SecProps}) -> couch_util:get_value(<<"admins">>, SecProps, {[]}). -get_readers(#db{security=SecProps}) -> - couch_util:get_value(<<"readers">>, SecProps, {[]}). +get_members(#db{security=SecProps}) -> + % we fallback to readers here for backwards compatibility + couch_util:get_value(<<"members">>, SecProps, + couch_util:get_value(<<"readers">>, SecProps, {[]})). get_security(#db{security=SecProps}) -> {SecProps}. @@ -343,9 +345,11 @@ set_security(_, _) -> validate_security_object(SecProps) -> Admins = couch_util:get_value(<<"admins">>, SecProps, {[]}), - Readers = couch_util:get_value(<<"readers">>, SecProps, {[]}), + % we fallback to readers here for backwards compatibility + Members = couch_util:get_value(<<"members">>, SecProps, + couch_util:get_value(<<"readers">>, SecProps, {[]})), ok = validate_names_and_roles(Admins), - ok = validate_names_and_roles(Readers), + ok = validate_names_and_roles(Members), ok. % validate user input