couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mikewall...@apache.org
Subject [1/5] chttpd commit: updated refs/heads/2452-users-db-security-on-clustered-interface to 25ec565
Date Fri, 14 Nov 2014 19:35:03 GMT
Repository: couchdb-chttpd
Updated Branches:
  refs/heads/2452-users-db-security-on-clustered-interface 569b00f30 -> 25ec565c1 (forced
update)


Only admin can read _changes on clustered _users

COUCHDB-2452 1/5


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/748f5350
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/748f5350
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/748f5350

Branch: refs/heads/2452-users-db-security-on-clustered-interface
Commit: 748f5350462395b023366997d77c45a48cced8b3
Parents: b44515f
Author: Mike Wallace <mikewallace@apache.org>
Authored: Mon Nov 10 23:16:10 2014 +0000
Committer: Mike Wallace <mikewallace@apache.org>
Committed: Wed Nov 12 15:56:38 2014 +0000

----------------------------------------------------------------------
 src/chttpd_db.erl | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/748f5350/src/chttpd_db.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_db.erl b/src/chttpd_db.erl
index 24eb78c..d51143c 100644
--- a/src/chttpd_db.erl
+++ b/src/chttpd_db.erl
@@ -56,7 +56,16 @@ handle_request(#httpd{path_parts=[DbName|RestParts],method=Method,
         do_db_req(Req, Handler)
     end.
 
-handle_changes_req(#httpd{method='GET'}=Req, Db) ->
+handle_changes_req(#httpd{method='GET'}=Req, #db{name=DbName}=Db) ->
+    AuthDbName = ?l2b(config:get("chttpd_auth", "authentication_db")),
+    case AuthDbName of
+    DbName ->
+        % in the authentication database, _changes is admin-only.
+        ok = couch_db:check_is_admin(Db);
+    _Else ->
+        % on other databases, _changes is free for all.
+        ok
+    end,
     #changes_args{filter=Raw, style=Style} = Args0 = parse_changes_query(Req),
     ChangesArgs = Args0#changes_args{
         filter_fun = couch_changes:configure_filter(Raw, Style, Req, Db)


Mime
View raw message