couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: DB ACLs (was Re: 0.11 Release / Feature Freeze for 1.0)
Date Mon, 08 Feb 2010 18:39:15 GMT
On Mon, Feb 8, 2010 at 8:19 AM, Brian Candler <B.Candler@pobox.com> wrote:
> Sorry to drag on about this, but I have another problem with the readeracl
> branch.
>
> As far as I can tell, it's impossible to test in validate_doc_update whether
> the user is listed in the database-level _admins resource.

This is a good example of a use case for putting all this stuff in a
single object.

Sorry I haven't had a chance to respond to your earlier message yet,
superbowl, etc. etc.

Chris

> Example:
>
> $ curl http://brianadmin:brianadmin@127.0.0.1:5984/briantest/_admins
> {"names":["brianadmin"],"roles":[]}
>
> $ curl -X PUT -d'{"validate_doc_update":"function(newDoc,oldDoc,userCtx,secObj) {if (userCtx.roles.indexOf(\"_admin\")
== -1) {throw {unauthorized: \"You are not an admin\"+toJSON(userCtx)};}}"}' 'http://brianadmin:brianadmin@127.0.0.1:5984/briantest/_design/testadmin'
> {"ok":true,"id":"_design/testadmin","rev":"1-3a33960e65f156773478f357aaf67471"}
>
> $ curl -X PUT -d "{}" http://brianadmin:brianadmin@127.0.0.1:5984/briantest/foo
> {"error":"unauthorized","reason":"You are not an admin{\"db\":\"briantest\",\"name\":\"brianadmin\",\"roles\":[]}"}
>
> That is, the "_admin" role is only visible here if you are a server-wide
> admin, not if you are a database-level admin.
>
> As a result, if you want database-level admins to have any special
> privileges with regards to updating documents, you have to list them again
> in the _security document.
>
> I don't think this is clear in the security_validation.js test, because it
> uses X-Couch-Test-Auth, which gives _admin role when not logged in as any
> particular user. So
>
>      T(db.setDbProperty("_security", {admin_override : true}).ok);
>      T(db.save(doc).ok);
>
> only works because the _admin role is set here, not because the user is in
> _admins.
>
> Regards,
>
> Brian.
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Mime
View raw message