couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: svn commit: r1039619 - in /couchdb/trunk: share/www/dialog/ share/www/script/ share/www/script/test/ share/www/spec/ src/couchdb/
Date Sat, 27 Nov 2010 06:17:19 GMT
On Fri, Nov 26, 2010 at 8:41 PM,  <jchris@apache.org> wrote:
> Author: jchris
> Date: Sat Nov 27 04:41:20 2010
> New Revision: 1039619
>
> URL: http://svn.apache.org/viewvc?rev=1039619&view=rev
> Log:
> rename "readers" to "members" in _security object, keep backwards compatibility with
old security objects"


I've updated the _security object API to use "members" instead of
"readers" because readers is misleading. Please review this commit.
The only tricky part is the backwards compatibility so that existing
databases and security objects are still functional. We can remove the
backwards compatibility code for 2.0 if we want.

Chris

>
> Modified:
>    couchdb/trunk/share/www/dialog/_database_security.html
>    couchdb/trunk/share/www/script/futon.browse.js
>    couchdb/trunk/share/www/script/test/reader_acl.js
>    couchdb/trunk/share/www/script/test/replication.js
>    couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js
>    couchdb/trunk/src/couchdb/couch_db.erl
>
> Modified: couchdb/trunk/share/www/dialog/_database_security.html
> URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/dialog/_database_security.html?rev=1039619&r1=1039618&r2=1039619&view=diff
> ==============================================================================
> --- couchdb/trunk/share/www/dialog/_database_security.html (original)
> +++ couchdb/trunk/share/www/dialog/_database_security.html Sat Nov 27 04:41:20 2010
> @@ -16,12 +16,12 @@ specific language governing permissions
>   <h2>Security</h2>
>   <fieldset>
>     <p class="help">
> -      Each database contains lists of admins and readers.
> -      Admins and readers are each defined by <tt>names</tt> and <tt>roles</tt>,
which are lists of strings.
> +      Each database contains lists of admins and members.
> +      Admins and members are each defined by <tt>names</tt> and <tt>roles</tt>,
which are lists of strings.
>     </p>
>
>     <h3>Admins</h3>
> -    <p class="help">Database admins can update design documents and edit the
readers list.</p>
> +    <p class="help">Database admins can update design documents and edit the
admin and member lists.</p>
>     <table summary=""><tbody><tr>
>       <th><label>Names:</label></th>
>       <td><input type="text" name="admin_names" size="40"></td>
> @@ -31,14 +31,14 @@ specific language governing permissions
>     </tr>
>     </tbody></table>
>
> -    <h3>Readers</h3>
> -    <p class="help">Database readers can access the database. If no readers
are defined, the database is public.</p>
> +    <h3>Members</h3>
> +    <p class="help">Database members can access the database. If no members
are defined, the database is public.</p>
>     <table summary=""><tbody><tr>
>       <th><label>Names:</label></th>
> -      <td><input type="text" name="reader_names" size="40"></td>
> +      <td><input type="text" name="member_names" size="40"></td>
>     </tr><tr>
>       <th><label>Roles:</label></th>
> -      <td><input type="text" name="reader_roles" size="40"></td>
> +      <td><input type="text" name="member_roles" size="40"></td>
>     </tr>
>     </tbody></table>
>
>
> Modified: couchdb/trunk/share/www/script/futon.browse.js
> URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/futon.browse.js?rev=1039619&r1=1039618&r2=1039619&view=diff
> ==============================================================================
> --- couchdb/trunk/share/www/script/futon.browse.js [utf-8] (original)
> +++ couchdb/trunk/share/www/script/futon.browse.js [utf-8] Sat Nov 27 04:41:20 2010
> @@ -189,26 +189,34 @@
>       }
>
>       this.databaseSecurity = function() {
> +        function namesAndRoles(r, key) {
> +          var names = [];
> +          var roles = [];
> +          if (r && typeof r[key + "s"] === "object") {
> +            if ($.isArray(r[key + "s"]["names"])) {
> +              names = r[key + "s"]["names"];
> +            }
> +            if ($.isArray(r[key + "s"]["roles"])) {
> +              roles = r[key + "s"]["roles"];
> +            }
> +          }
> +          return {names : names, roles: roles};
> +        };
> +
>         $.showDialog("dialog/_database_security.html", {
>           load : function(d) {
>             db.getDbProperty("_security", {
>               success: function(r) {
> -                ["admin", "reader"].forEach(function(key) {
> -                  var names = [];
> -                  var roles = [];
> -
> -                  if (r && typeof r[key + "s"] === "object") {
> -                    if ($.isArray(r[key + "s"]["names"])) {
> -                      names = r[key + "s"]["names"];
> -                    }
> -                    if ($.isArray(r[key + "s"]["roles"])) {
> -                      roles = r[key + "s"]["roles"];
> -                    }
> -                  }
> -
> -                  $("input[name=" + key + "_names]", d).val(JSON.stringify(names));
> -                  $("input[name=" + key + "_roles]", d).val(JSON.stringify(roles));
> -                });
> +                var admins = namesAndRoles(r, "admin")
> +                  , members = namesAndRoles(r, "member");
> +                if (members.names.length + members.roles.length == 0) {
> +                  // backwards compatibility with readers for 1.x
> +                  members = namesAndRoles(r, "reader");
> +                }
> +                $("input[name=admin_names]", d).val(JSON.stringify(admins.names));
> +                $("input[name=admin_roles]", d).val(JSON.stringify(admins.roles));
> +                $("input[name=member_names]", d).val(JSON.stringify(members.names));
> +                $("input[name=member_roles]", d).val(JSON.stringify(members.roles));
>               }
>             });
>           },
> @@ -220,13 +228,13 @@
>                 names: [],
>                 roles: []
>               },
> -              readers: {
> +              members: {
>                 names: [],
>                 roles: []
>               }
>             };
>
> -            ["admin", "reader"].forEach(function(key) {
> +            ["admin", "member"].forEach(function(key) {
>               var names, roles;
>
>               try {
>
> Modified: couchdb/trunk/share/www/script/test/reader_acl.js
> URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/reader_acl.js?rev=1039619&r1=1039618&r2=1039619&view=diff
> ==============================================================================
> --- couchdb/trunk/share/www/script/test/reader_acl.js (original)
> +++ couchdb/trunk/share/www/script/test/reader_acl.js Sat Nov 27 04:41:20 2010
> @@ -37,7 +37,7 @@ couchTests.reader_acl = function(debug)
>       T(secretDb.open("baz").foo == "bar");
>
>       T(secretDb.setSecObj({
> -        "readers" : {
> +        "members" : {
>           roles : ["super-secret-club"],
>           names : ["joe","barb"]
>         }
> @@ -64,13 +64,13 @@ couchTests.reader_acl = function(debug)
>       CouchDB.logout();
>
>       // make anyone with the top-secret role an admin
> -      // db admins are automatically readers
> +      // db admins are automatically members
>       T(secretDb.setSecObj({
>         "admins" : {
>           roles : ["top-secret"],
>           names : []
>         },
> -        "readers" : {
> +        "members" : {
>           roles : ["super-secret-club"],
>           names : ["joe","barb"]
>         }
> @@ -90,14 +90,14 @@ couchTests.reader_acl = function(debug)
>       CouchDB.logout();
>       T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1);
>
> -      // admin now adds the top-secret role to the db's readers
> +      // admin now adds the top-secret role to the db's members
>       // and removes db-admins
>       T(secretDb.setSecObj({
>         "admins" : {
>           roles : [],
>           names : []
>         },
> -        "readers" : {
> +        "members" : {
>           roles : ["super-secret-club", "top-secret"],
>           names : ["joe","barb"]
>         }
> @@ -124,10 +124,10 @@ couchTests.reader_acl = function(debug)
>       T(CouchDB.login("jchris@apache.org", "funnybone").ok);
>       T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1);
>       T(secretDb.open("baz").foo == "bar");
> -      // readers can query stored views
> +      // members can query stored views
>       T(secretDb.view("foo/bar").total_rows == 1);
>
> -      // readers can't do temp views
> +      // members can't do temp views
>       try {
>         var results = secretDb.query(function(doc) {
>           emit(null, null);
> @@ -137,13 +137,28 @@ couchTests.reader_acl = function(debug)
>         T(true && "temp view is admin only");
>       }
>
> -
>       CouchDB.logout();
>
> +      // works with readers (backwards compat with 1.0)
> +      T(secretDb.setSecObj({
> +        "admins" : {
> +          roles : [],
> +          names : []
> +        },
> +        "readers" : {
> +          roles : ["super-secret-club", "top-secret"],
> +          names : ["joe","barb"]
> +        }
> +      }).ok);
> +
> +      T(CouchDB.login("jchris@apache.org", "funnybone").ok);
> +      T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1);
> +      T(secretDb.open("baz").foo == "bar");
> +
>       // can't set non string reader names or roles
>       try {
>         secretDb.setSecObj({
> -          "readers" : {
> +          "members" : {
>             roles : ["super-secret-club", {"top-secret":"awesome"}],
>             names : ["joe","barb"]
>           }
> @@ -153,7 +168,7 @@ couchTests.reader_acl = function(debug)
>
>       try {
>         secretDb.setSecObj({
> -          "readers" : {
> +          "members" : {
>             roles : ["super-secret-club", {"top-secret":"awesome"}],
>             names : ["joe",22]
>           }
> @@ -163,7 +178,7 @@ couchTests.reader_acl = function(debug)
>
>       try {
>         secretDb.setSecObj({
> -          "readers" : {
> +          "members" : {
>             roles : ["super-secret-club", {"top-secret":"awesome"}],
>             names : "joe"
>           }
>
> Modified: couchdb/trunk/share/www/script/test/replication.js
> URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/replication.js?rev=1039619&r1=1039618&r2=1039619&view=diff
> ==============================================================================
> --- couchdb/trunk/share/www/script/test/replication.js (original)
> +++ couchdb/trunk/share/www/script/test/replication.js Sat Nov 27 04:41:20 2010
> @@ -623,7 +623,7 @@ couchTests.replication = function(debug)
>       names: [],
>       roles: ["admin"]
>     },
> -    readers: {
> +    members: {
>       names: [],
>       roles: ["reader"]
>     }
> @@ -687,7 +687,7 @@ couchTests.replication = function(debug)
>         names: [],
>         roles: ["bar"]
>       },
> -      readers: {
> +      members: {
>         names: [],
>         roles: ["foo"]
>       }
>
> Modified: couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js
> URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js?rev=1039619&r1=1039618&r2=1039619&view=diff
> ==============================================================================
> --- couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js (original)
> +++ couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js Sat Nov 27 04:41:20
2010
> @@ -184,15 +184,15 @@ describe 'CouchDB instance'
>
>   describe '.setSecObj'
>     it 'should return ok true'
> -      db.setSecObj({"readers":{"names":["laura"],"roles":["president"]}}).ok.should.be_true
> +      db.setSecObj({"members":{"names":["laura"],"roles":["president"]}}).ok.should.be_true
>     end
>
>     it 'should save a well formed object into the _security object '
> -      db.should.receive("request", "once").with_args("PUT", "/spec_db/_security",
{body: '{"readers":{"names":["laura"],"roles":["president"]}}'})
> -      db.setSecObj({"readers": {"names" : ["laura"], "roles" : ["president"]}})
> +      db.should.receive("request", "once").with_args("PUT", "/spec_db/_security",
{body: '{"members":{"names":["laura"],"roles":["president"]}}'})
> +      db.setSecObj({"members": {"names" : ["laura"], "roles" : ["president"]}})
>     end
>
> -    it 'should throw an error when the readers or admins object is malformed'
> +    it 'should throw an error when the members or admins object is malformed'
>       -{ db.setSecObj({"admins":["cylon"]}) }.should.throw_error
>     end
>
>
> Modified: couchdb/trunk/src/couchdb/couch_db.erl
> URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_db.erl?rev=1039619&r1=1039618&r2=1039619&view=diff
> ==============================================================================
> --- couchdb/trunk/src/couchdb/couch_db.erl (original)
> +++ couchdb/trunk/src/couchdb/couch_db.erl Sat Nov 27 04:41:20 2010
> @@ -26,7 +26,7 @@
>  -export([set_security/2,get_security/1]).
>  -export([init/1,terminate/2,handle_call/3,handle_cast/2,code_change/3,handle_info/2]).
>  -export([changes_since/5,changes_since/6,read_doc/2,new_revid/1]).
> --export([check_is_admin/1, check_is_reader/1]).
> +-export([check_is_admin/1, check_is_member/1]).
>  -export([reopen/1]).
>
>  -include("couch_db.hrl").
> @@ -77,7 +77,7 @@ open(DbName, Options) ->
>     case couch_server:open(DbName, Options) of
>         {ok, Db} ->
>             try
> -                check_is_reader(Db),
> +                check_is_member(Db),
>                 {ok, Db}
>             catch
>                 throw:Error ->
> @@ -297,14 +297,14 @@ check_is_admin(#db{user_ctx=#user_ctx{na
>         ok
>     end.
>
> -check_is_reader(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) ->
> +check_is_member(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) ->
>     case (catch check_is_admin(Db)) of
>     ok -> ok;
>     _ ->
> -        {Readers} = get_readers(Db),
> -        ReaderRoles = couch_util:get_value(<<"roles">>, Readers,[]),
> +        {Members} = get_members(Db),
> +        ReaderRoles = couch_util:get_value(<<"roles">>, Members,[]),
>         WithAdminRoles = [<<"_admin">> | ReaderRoles],
> -        ReaderNames = couch_util:get_value(<<"names">>, Readers,[]),
> +        ReaderNames = couch_util:get_value(<<"names">>, Members,[]),
>         case ReaderRoles ++ ReaderNames of
>         [] -> ok; % no readers == public access
>         _Else ->
> @@ -326,8 +326,10 @@ check_is_reader(#db{user_ctx=#user_ctx{n
>  get_admins(#db{security=SecProps}) ->
>     couch_util:get_value(<<"admins">>, SecProps, {[]}).
>
> -get_readers(#db{security=SecProps}) ->
> -    couch_util:get_value(<<"readers">>, SecProps, {[]}).
> +get_members(#db{security=SecProps}) ->
> +    % we fallback to readers here for backwards compatibility
> +    couch_util:get_value(<<"members">>, SecProps,
> +        couch_util:get_value(<<"readers">>, SecProps, {[]})).
>
>  get_security(#db{security=SecProps}) ->
>     {SecProps}.
> @@ -343,9 +345,11 @@ set_security(_, _) ->
>
>  validate_security_object(SecProps) ->
>     Admins = couch_util:get_value(<<"admins">>, SecProps, {[]}),
> -    Readers = couch_util:get_value(<<"readers">>, SecProps, {[]}),
> +    % we fallback to readers here for backwards compatibility
> +    Members = couch_util:get_value(<<"members">>, SecProps,
> +        couch_util:get_value(<<"readers">>, SecProps, {[]})),
>     ok = validate_names_and_roles(Admins),
> -    ok = validate_names_and_roles(Readers),
> +    ok = validate_names_and_roles(Members),
>     ok.
>
>  % validate user input
>
>
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Mime
View raw message