From dav...@apache.org
Subject [10/22] couch-mrview commit: updated refs/heads/import-rcouch to 7258945
Date Thu, 06 Feb 2014 16:54:29 GMT
admins can always read all doc fields, regardless of public_fields

Closes COUCHDB-1888


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch-mrview/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch-mrview/commit/f5c829fd
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch-mrview/tree/f5c829fd
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch-mrview/diff/f5c829fd

Branch: refs/heads/import-rcouch
Commit: f5c829fd69d355779b0fc2ebfde024ea76221f6f
Parents: f4739cd
Author: Jan Lehnardt <jan@apache.org>
Authored: Wed Sep 25 17:40:14 2013 +0200
Committer: Jan Lehnardt <jan@apache.org>
Committed: Thu Oct 3 17:58:25 2013 +0200

----------------------------------------------------------------------
 src/couch_mrview_http.erl | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-couch-mrview/blob/f5c829fd/src/couch_mrview_http.erl
----------------------------------------------------------------------
diff --git a/src/couch_mrview_http.erl b/src/couch_mrview_http.erl
index b8c4465..8b914ef 100644
--- a/src/couch_mrview_http.erl
+++ b/src/couch_mrview_http.erl
@@ -129,7 +129,6 @@ all_docs_req(Req, Db, Keys) ->
         do_all_docs_req(Req, Db, Keys)
     end.
 
-
 do_all_docs_req(Req, Db, Keys) ->
     Args0 = parse_qs(Req, Keys),
     ETagFun = fun(Sig, Acc0) ->
@@ -143,14 +142,11 @@ do_all_docs_req(Req, Db, Keys) ->
     {ok, Resp} = couch_httpd:etag_maybe(Req, fun() ->
         VAcc0 = #vacc{db=Db, req=Req},
         DbName = ?b2l(Db#db.name),
-        Callback = case couch_config:get("couch_httpd_auth",
+        UsersDbName = couch_config:get("couch_httpd_auth",
                                          "authentication_db",
-                                         "_users") of
-        DbName ->
-            fun filtered_view_cb/2;
-        _ ->
-            fun view_cb/2
-        end,
+                                         "_users"),
+        IsAdmin = is_admin(Db),
+        Callback = get_view_callback(DbName, UsersDbName, IsAdmin),
         couch_mrview:query_all_docs(Db, Args, Callback, VAcc0)
     end),
     case is_record(Resp, vacc) of
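Review bot: The callback picked at `Callback = get_view_callback(DbName, UsersDbName, IsAdmin)` makes the response body depend on whether the caller is an admin, but the ETag handed to `couch_httpd:etag_maybe` comes from `ETagFun`, whose body is outside the visible hunks. If that ETag is derived only from the index signature and not from the caller's identity or roles, a conditional request could receive a 304 for a body that was filtered differently. This is worth confirming before relying on the filter. A short comment above the line, e.g. `% access-control decision: non-admins reading the users db get filtered rows`, would also flag the callback choice as security-relevant. do_all_docs_req starts and ends outside this hunk.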
@@ -158,6 +154,26 @@ do_all_docs_req(Req, Db, Keys) ->
         _ -> {ok, Resp}
     end.
 
+is_admin(Db) ->
+    case catch couch_db:check_is_admin(Db) of
+    {unauthorized, _} ->
+        false;
+    ok ->
+        true
+    end.
+
+
+% admin users always get all fields
+get_view_callback(_, _, true) ->
+    fun view_cb/2;
+% if we are operating on the users db and we aren't
+% admin, filter the view
+get_view_callback(_DbName, _DbName, false) ->
+    fun filtered_view_cb/2;
+% non _users databases get all fields
+get_view_callback(_, _, _) ->
+    fun view_cb/2.
+
 
 design_doc_view(Req, Db, DDoc, ViewName, Keys) ->
     Args0 = parse_qs(Req, Keys),
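Review bot: `is_admin/1` uses old-style `case catch couch_db:check_is_admin(Db) of`, which folds throws, errors and exits into one value. Any failure other than `{unauthorized, _}` becomes `{'EXIT', ...}` and surfaces as a `case_clause` with the original stacktrace lost. That still fails closed (nothing except `ok` yields `true`), but `try ... of ... catch throw:{unauthorized, _}` states the intent and lets unrelated crashes propagate unchanged; this assumes check_is_admin signals denial by throwing, as the `catch` form suggests. Separately, the clause head `get_view_callback(_DbName, _DbName, false)` relies on a repeated underscore-prefixed variable for the users-db equality test. That reads as "ignored" and hides the condition the filtering depends on, so a plain name or a guard is clearer.

```erlang
is_admin(Db) ->
    try couch_db:check_is_admin(Db) of
        ok -> true
    catch
        throw:{unauthorized, _} -> false
    end.

% … unchanged: admin clause of get_view_callback/3 …
get_view_callback(DbName, UsersDbName, false) when DbName =:= UsersDbName ->
    fun filtered_view_cb/2;
% … unchanged: fall-through clause …
```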

