couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject [1/2] git commit: updated refs/heads/master to cf84c3e
Date Thu, 03 Oct 2013 15:59:27 GMT
Updated Branches:
  refs/heads/master 073f9e252 -> cf84c3e85


admins can always read all doc fields, regardless of public_fields

Closes COUCHDB-1888


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/674aad6f
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/674aad6f
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/674aad6f

Branch: refs/heads/master
Commit: 674aad6f37355529da81af35105fbb86de5e5974
Parents: 1d01163
Author: Jan Lehnardt <jan@apache.org>
Authored: Wed Sep 25 17:40:14 2013 +0200
Committer: Jan Lehnardt <jan@apache.org>
Committed: Thu Oct 3 17:58:25 2013 +0200

----------------------------------------------------------------------
 share/www/script/test/users_db_security.js | 11 +++++++--
 src/couch_mrview/src/couch_mrview_http.erl | 32 ++++++++++++++++++-------
 2 files changed, 33 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/674aad6f/share/www/script/test/users_db_security.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/users_db_security.js b/share/www/script/test/users_db_security.js
index 888ed00..9bf9b8a 100644
--- a/share/www/script/test/users_db_security.js
+++ b/share/www/script/test/users_db_security.js
@@ -168,7 +168,7 @@ couchTests.users_db_security = function(debug) {
         "should not_found opening another user's user doc");
 
 
-      // save a db amin 
+      // save a db admin
       var benoitcDoc = {
         _id: "org.couchdb.user:benoitc",
         type: "user",
@@ -320,7 +320,7 @@ couchTests.users_db_security = function(debug) {
       {
         section: "couch_httpd_auth",
         key: "public_fields",
-        value: "name,type"
+        value: "name"
       },
       {
         section: "couch_httpd_auth",
@@ -342,6 +342,13 @@ couchTests.users_db_security = function(debug) {
         TEquals("forbidden", e.error, "should throw");
       }
 
+      // COUCHDB-1888 make sure admins always get all fields
+      TEquals(true, CouchDB.login("jan", "apple").ok);
+      var all_admin = usersDb.allDocs({ include_docs: "true" });
+      TEquals("user", all_admin.rows[2].doc.type,
+          "should return type");
+
+
       // log in one last time so run_on_modified_server can clean up the admin account
       TEquals(true, CouchDB.login("jan", "apple").ok);
     });

http://git-wip-us.apache.org/repos/asf/couchdb/blob/674aad6f/src/couch_mrview/src/couch_mrview_http.erl
----------------------------------------------------------------------
diff --git a/src/couch_mrview/src/couch_mrview_http.erl b/src/couch_mrview/src/couch_mrview_http.erl
index b8c4465..8b914ef 100644
--- a/src/couch_mrview/src/couch_mrview_http.erl
+++ b/src/couch_mrview/src/couch_mrview_http.erl
@@ -129,7 +129,6 @@ all_docs_req(Req, Db, Keys) ->
         do_all_docs_req(Req, Db, Keys)
     end.
 
-
 do_all_docs_req(Req, Db, Keys) ->
     Args0 = parse_qs(Req, Keys),
     ETagFun = fun(Sig, Acc0) ->
@@ -143,14 +142,11 @@ do_all_docs_req(Req, Db, Keys) ->
     {ok, Resp} = couch_httpd:etag_maybe(Req, fun() ->
         VAcc0 = #vacc{db=Db, req=Req},
         DbName = ?b2l(Db#db.name),
-        Callback = case couch_config:get("couch_httpd_auth",
+        UsersDbName = couch_config:get("couch_httpd_auth",
                                          "authentication_db",
-                                         "_users") of
-        DbName ->
-            fun filtered_view_cb/2;
-        _ ->
-            fun view_cb/2
-        end,
+                                         "_users"),
+        IsAdmin = is_admin(Db),
+        Callback = get_view_callback(DbName, UsersDbName, IsAdmin),
         couch_mrview:query_all_docs(Db, Args, Callback, VAcc0)
     end),
     case is_record(Resp, vacc) of
@@ -158,6 +154,26 @@ do_all_docs_req(Req, Db, Keys) ->
         _ -> {ok, Resp}
     end.
 
+is_admin(Db) ->
+    case catch couch_db:check_is_admin(Db) of
+    {unauthorized, _} ->
+        false;
+    ok ->
+        true
+    end.
+
+
+% admin users always get all fields
+get_view_callback(_, _, true) ->
+    fun view_cb/2;
+% if we are operating on the users db and we aren't
+% admin, filter the view
+get_view_callback(_DbName, _DbName, false) ->
+    fun filtered_view_cb/2;
+% non _users databases get all fields
+get_view_callback(_, _, _) ->
+    fun view_cb/2.
+
 
 design_doc_view(Req, Db, DDoc, ViewName, Keys) ->
     Args0 = parse_qs(Req, Keys),


Mime
View raw message