Return-Path: X-Original-To: apmail-couchdb-commits-archive@www.apache.org Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 813371802B for ; Wed, 15 Jul 2015 10:20:27 +0000 (UTC) Received: (qmail 39123 invoked by uid 500); 15 Jul 2015 10:20:27 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 39070 invoked by uid 500); 15 Jul 2015 10:20:27 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 39058 invoked by uid 99); 15 Jul 2015 10:20:27 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Jul 2015 10:20:27 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id EE6FEE0F7F; Wed, 15 Jul 2015 10:20:26 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: mikewallace@apache.org To: commits@couchdb.apache.org Date: Wed, 15 Jul 2015 10:20:27 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [2/2] fabric commit: updated refs/heads/master to 3c204d0 Restrict views in the authentication DB to admins This commit teaches fabric to restrict access to views in the authentication DB to administrators by calling through to couch_db_users:after_doc_read/2 after the design doc is read. COUCHDB-2738 This closes #23 Project: http://git-wip-us.apache.org/repos/asf/couchdb-fabric/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fabric/commit/3c204d00 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fabric/tree/3c204d00 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fabric/diff/3c204d00 Branch: refs/heads/master Commit: 3c204d00967318d14d767316c14639d1ba8f1d23 Parents: c30665d Author: Mike Wallace Authored: Wed Jul 15 10:54:05 2015 +0100 Committer: Mike Wallace Committed: Wed Jul 15 11:16:30 2015 +0100 ---------------------------------------------------------------------- src/fabric.erl | 8 ++++++++ 1 file changed, 8 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-fabric/blob/3c204d00/src/fabric.erl ---------------------------------------------------------------------- diff --git a/src/fabric.erl b/src/fabric.erl index c3a95fb..c1e0cd5 100644 --- a/src/fabric.erl +++ b/src/fabric.erl @@ -315,6 +315,14 @@ query_view(Db, GroupId, ViewName, Callback, Acc0, QueryArgs) query_view(DbName, DDoc, ViewName, Callback, Acc0, QueryArgs); query_view(DbName, DDoc, ViewName, Callback, Acc0, QueryArgs0) -> Db = dbname(DbName), View = name(ViewName), + case fabric_util:is_users_db(Db) of + true -> + Req = Acc0#vacc.req, + FakeDb = fabric_util:fake_db([{user_ctx, Req#httpd.user_ctx}]), + couch_users_db:after_doc_read(DDoc, FakeDb); + false -> + ok + end, {ok, #mrst{views=Views, language=Lang}} = couch_mrview_util:ddoc_to_mrst(Db, DDoc), QueryArgs1 = couch_mrview_util:set_view_type(QueryArgs0, View, Views),