Return-Path: X-Original-To: apmail-couchdb-commits-archive@www.apache.org Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BB0E610EED for ; Thu, 3 Oct 2013 15:58:36 +0000 (UTC) Received: (qmail 60534 invoked by uid 500); 3 Oct 2013 15:58:36 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 60505 invoked by uid 500); 3 Oct 2013 15:58:36 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 60490 invoked by uid 99); 3 Oct 2013 15:58:35 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Oct 2013 15:58:35 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id F341790E9F0; Thu, 3 Oct 2013 15:58:34 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: jan@apache.org To: commits@couchdb.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: git commit: updated refs/heads/1888-fix-user-fields-disabled-for-admins to 674aad6 Date: Thu, 3 Oct 2013 15:58:34 +0000 (UTC) Updated Branches: refs/heads/1888-fix-user-fields-disabled-for-admins 79e2391a0 -> 674aad6f3 (forced update) admins can always read all doc fields, regardless of public_fields Closes COUCHDB-1888 Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/674aad6f Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/674aad6f Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/674aad6f Branch: refs/heads/1888-fix-user-fields-disabled-for-admins Commit: 674aad6f37355529da81af35105fbb86de5e5974 Parents: 1d01163 Author: Jan Lehnardt Authored: Wed Sep 25 17:40:14 2013 +0200 Committer: Jan Lehnardt Committed: Thu Oct 3 17:58:25 2013 +0200 ---------------------------------------------------------------------- share/www/script/test/users_db_security.js | 11 +++++++-- src/couch_mrview/src/couch_mrview_http.erl | 32 ++++++++++++++++++------- 2 files changed, 33 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/674aad6f/share/www/script/test/users_db_security.js ---------------------------------------------------------------------- diff --git a/share/www/script/test/users_db_security.js b/share/www/script/test/users_db_security.js index 888ed00..9bf9b8a 100644 --- a/share/www/script/test/users_db_security.js +++ b/share/www/script/test/users_db_security.js @@ -168,7 +168,7 @@ couchTests.users_db_security = function(debug) { "should not_found opening another user's user doc"); - // save a db amin + // save a db admin var benoitcDoc = { _id: "org.couchdb.user:benoitc", type: "user", 
@@ -320,7 +320,7 @@ couchTests.users_db_security = function(debug) {
 {
 section: "couch_httpd_auth",
 key: "public_fields",
- value: "name,type"
+ value: "name"
 },
 {
 section: "couch_httpd_auth",
@@ -342,6 +342,13 @@ couchTests.users_db_security = function(debug) {
 TEquals("forbidden", e.error, "should throw");
 }
+ // COUCHDB-1888 make sure admins always get all fields
+ TEquals(true, CouchDB.login("jan", "apple").ok);
+ var all_admin = usersDb.allDocs({ include_docs: "true" });
+ TEquals("user", all_admin.rows[2].doc.type,
+ "should return type");
+
+ // log in one last time so run_on_modified_server can clean up the admin account
 TEquals(true, CouchDB.login("jan", "apple").ok);
 });
http://git-wip-us.apache.org/repos/asf/couchdb/blob/674aad6f/src/couch_mrview/src/couch_mrview_http.erl
----------------------------------------------------------------------
diff --git a/src/couch_mrview/src/couch_mrview_http.erl b/src/couch_mrview/src/couch_mrview_http.erl
index b8c4465..8b914ef 100644
--- a/src/couch_mrview/src/couch_mrview_http.erl
+++ b/src/couch_mrview/src/couch_mrview_http.erl
@@ -129,7 +129,6 @@ all_docs_req(Req, Db, Keys) ->
 do_all_docs_req(Req, Db, Keys)
 end.

-
 do_all_docs_req(Req, Db, Keys) ->
 Args0 = parse_qs(Req, Keys),
 ETagFun = fun(Sig, Acc0) ->
@@ -143,14 +142,11 @@ do_all_docs_req(Req, Db, Keys) ->
 {ok, Resp} = couch_httpd:etag_maybe(Req, fun() ->
 VAcc0 = #vacc{db=Db, req=Req},
 DbName = ?b2l(Db#db.name),
- Callback = case couch_config:get("couch_httpd_auth",
+ UsersDbName = couch_config:get("couch_httpd_auth",
 "authentication_db",
- "_users") of
- DbName ->
- fun filtered_view_cb/2;
- _ ->
- fun view_cb/2
- end,
+ "_users"),
+ IsAdmin = is_admin(Db),
+ Callback = get_view_callback(DbName, UsersDbName, IsAdmin),
 couch_mrview:query_all_docs(Db, Args, Callback, VAcc0)
 end),
 case is_record(Resp, vacc) of
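Review bot: The new assertion `TEquals("user", all_admin.rows[2].doc.type, "should return type")` pins the COUCHDB-1888 regression check to whichever document happens to sort third in the all-docs result, so adding or renaming a user doc earlier in the test (outside this hunk) silently moves the admin check onto a different doc. Checking every user row instead makes the guard independent of ordering: `all_admin.rows.forEach(function(r) { if (r.id.indexOf("org.couchdb.user:") === 0) TEquals("user", r.doc.type, "admin should see type on " + r.id); });`. The id filter is there because the users db presumably also carries its `_design/_auth` doc, which has no `type: "user"` — verify against the fixture. The enclosing couchTests.users_db_security function starts and ends outside the hunk.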
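Review bot: `Callback` now depends on `IsAdmin`, but the response is still produced inside `couch_httpd:etag_maybe` with an ETagFun whose body lies outside this hunk; if that ETag is derived only from the view signature and query args, an admin's unfiltered `_all_docs` response and a non-admin's filtered response for the same URL now carry the same ETag. A conditional request from the other user context can then be answered with a 304 against a cached body that has different field visibility, and a shared cache in front of CouchDB has no way to tell the two representations apart. Folding `IsAdmin` into the ETag input (hashing it together with `Sig` in ETagFun) or marking the users-db response non-cacheable keeps the filtered and unfiltered representations distinct; please confirm against the ETagFun body, since only its head is visible here. do_all_docs_req starts before this hunk and continues after it.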
@@ -158,6 +154,26 @@ do_all_docs_req(Req, Db, Keys) ->
 _ ->
 {ok, Resp}
 end.

+is_admin(Db) ->
+ case catch couch_db:check_is_admin(Db) of
+ {unauthorized, _} ->
+ false;
+ ok ->
+ true
+ end.
+
+
+ % admin users always get all fields
+get_view_callback(_, _, true) ->
+ fun view_cb/2;
+% if we are operating on the users db and we aren't
+% admin, filter the view
+get_view_callback(_DbName, _DbName, false) ->
+ fun filtered_view_cb/2;
+% non _users databases get all fields
+get_view_callback(_, _, _) ->
+ fun view_cb/2.
+
 design_doc_view(Req, Db, DDoc, ViewName, Keys) ->
 Args0 = parse_qs(Req, Keys),
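Review bot: is_admin/1 handles only `{unauthorized, _}` and `ok` from the `catch`; any other exception raised by couch_db:check_is_admin/1 comes back as an `{'EXIT', _}` tuple and falls out of the `case` as a case_clause error, so an unexpected failure becomes a crashed request rather than a deliberate non-admin decision. Making the non-`ok` outcome explicit keeps the filtered callback as the result for anything that is not a positive admin check: `ok -> true; _ -> false`. In get_view_callback/3, the repeated `_DbName` in the second clause is the only thing that enforces DbName =:= UsersDbName, and the underscore prefix tends to hide that from readers; a comment such as `% same variable twice on purpose: this clause matches only when the queried db is the configured authentication_db` (or simply naming it `DbName`) would make the intent visible. Both functions are complete within the hunk.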