couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rnew...@apache.org
Subject [03/13] couch commit: updated refs/heads/master to 311ba94
Date Wed, 12 Aug 2015 15:54:03 GMT
Add couch_db_plugin:check_is_admin/1


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/b40e2ce3
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/b40e2ce3
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/b40e2ce3

Branch: refs/heads/master
Commit: b40e2ce39af63db85a8e4effa26b64b6155fb6f9
Parents: f28bd7c
Author: ILYA Khlopotov <iilyak@ca.ibm.com>
Authored: Fri Jun 19 10:58:35 2015 -0700
Committer: ILYA Khlopotov <iilyak@ca.ibm.com>
Committed: Tue Aug 11 12:24:59 2015 -0700

----------------------------------------------------------------------
 src/couch_db.erl               | 24 ++++++++++++++++++++----
 src/couch_db_plugin.erl        |  8 +++++++-
 test/couch_db_plugin_tests.erl | 29 +++++++++++++++++++++++++++--
 3 files changed, 54 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/b40e2ce3/src/couch_db.erl
----------------------------------------------------------------------
diff --git a/src/couch_db.erl b/src/couch_db.erl
index e84898b..a590bf0 100644
--- a/src/couch_db.erl
+++ b/src/couch_db.erl
@@ -415,7 +415,23 @@ get_design_docs(#db{id_tree = IdBtree}) ->
     {ok, _, Docs} = couch_btree:fold(IdBtree, FoldFun, [], KeyOpts),
     {ok, Docs}.
 
-check_is_admin(#db{user_ctx=#user_ctx{name=Name,roles=Roles}}=Db) ->
+check_is_admin(#db{} = Db) ->
+    case is_admin(Db) of
+        true ->
+            ok;
+        false ->
+            throw({unauthorized, <<"You are not a db or server admin.">>})
+    end.
+
+is_admin(Db) ->
+    case couch_db_plugin:check_is_admin(Db) of
+        true ->
+            true;
+        false ->
+            is_admin_int(Db)
+    end.
+
+is_admin_int(#db{user_ctx = #user_ctx{name = Name, roles = Roles}} = Db) ->
     {Admins} = get_admins(Db),
     AdminRoles = [<<"_admin">> | couch_util:get_value(<<"roles">>,
Admins, [])],
     AdminNames = couch_util:get_value(<<"names">>, Admins,[]),
@@ -423,12 +439,12 @@ check_is_admin(#db{user_ctx=#user_ctx{name=Name,roles=Roles}}=Db) ->
     AdminRoles -> % same list, not an admin role
         case AdminNames -- [Name] of
         AdminNames -> % same names, not an admin
-            throw({unauthorized, <<"You are not a db or server admin.">>});
+            false;
         _ ->
-            ok
+            true
         end;
     _ ->
-        ok
+        true
     end.
 
 check_is_member(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) ->

http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/b40e2ce3/src/couch_db_plugin.erl
----------------------------------------------------------------------
diff --git a/src/couch_db_plugin.erl b/src/couch_db_plugin.erl
index e9aabff..cac078a 100644
--- a/src/couch_db_plugin.erl
+++ b/src/couch_db_plugin.erl
@@ -16,7 +16,8 @@
     validate_dbname/2,
     before_doc_update/2,
     after_doc_read/2,
-    validate_docid/1
+    validate_docid/1,
+    check_is_admin/1
 ]).
 
 -define(SERVICE_ID, couch_db).
@@ -50,6 +51,11 @@ validate_docid(Id) ->
     %% callbacks return true only if it specifically allow the given Id
     couch_epi:any(Handle, ?SERVICE_ID, validate_docid, [Id], [ignore_providers]).
 
+check_is_admin(Db) ->
+    Handle = couch_epi:get_handle(?SERVICE_ID),
+    %% callbacks return true only if it specifically allow the given Id
+    couch_epi:any(Handle, ?SERVICE_ID, check_is_admin, [Db], [ignore_providers]).
+
 %% ------------------------------------------------------------------
 %% Internal Function Definitions
 %% ------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/b40e2ce3/test/couch_db_plugin_tests.erl
----------------------------------------------------------------------
diff --git a/test/couch_db_plugin_tests.erl b/test/couch_db_plugin_tests.erl
index bb41474..ae9f9d6 100644
--- a/test/couch_db_plugin_tests.erl
+++ b/test/couch_db_plugin_tests.erl
@@ -16,7 +16,8 @@
     validate_dbname/2,
     before_doc_update/2,
     after_doc_read/2,
-    validate_docid/1
+    validate_docid/1,
+    check_is_admin/1
 ]).
 
 -include_lib("couch/include/couch_eunit.hrl").
@@ -55,6 +56,10 @@ validate_docid({true, _Id}) -> true;
 validate_docid({false, _Id}) -> false;
 validate_docid({fail, _Id}) -> throw(validate_docid).
 
+check_is_admin({true, _Db}) -> true;
+check_is_admin({false, _Db}) -> false;
+check_is_admin({fail, _Db}) -> throw(check_is_admin).
+
 callback_test_() ->
     {
         "callback tests",
@@ -75,7 +80,11 @@ callback_test_() ->
 
                 fun validate_docid_match/0,
                 fun validate_docid_no_match/0,
-                fun validate_docid_throw/0
+                fun validate_docid_throw/0,
+
+                fun check_is_admin_match/0,
+                fun check_is_admin_no_match/0,
+                fun check_is_admin_throw/0
             ]
         }
     }.
@@ -142,3 +151,19 @@ validate_docid_throw() ->
     ?_assertThrow(
         validate_docid,
         couch_db_plugin:validate_docid({fail, [doc]})).
+
+
+check_is_admin_match() ->
+    ?_assertMatch(
+        true,
+        couch_db_plugin:check_is_admin({true, [db]})).
+
+check_is_admin_no_match() ->
+    ?assertMatch(
+        false,
+        couch_db_plugin:check_is_admin({false, [db]})).
+
+check_is_admin_throw() ->
+    ?assertThrow(
+        check_is_admin,
+        couch_db_plugin:check_is_admin({fail, [db]})).


Mime
View raw message