couchdb-dev mailing list archives

From "Robert Kowalski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-2244) Fauxton auth is broken for fixed Admin Party
Date Sat, 09 Aug 2014 20:15:12 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14091891#comment-14091891 ]

Robert Kowalski commented on COUCHDB-2244:
------------------------------------------

Access to the replication view is just allowed for admins:

{{roles: ["_admin"]}}


Almost the same for all-docs:
{{
      "database/:database/_all_docs(:extra)": {
        route: "allDocs",
        roles: ["_reader","_writer","_admin"]
      },
      "database/:database/_design/:ddoc/_view/:view": {
        route: "viewFn",
        roles: ['_admin']
      },
      "database/:database/_design/:ddoc/_lists/:fn": {
        route: "tempFn",
        roles: ['_admin']
      },
      "database/:database/_design/:ddoc/_filters/:fn": {
        route: "tempFn",
        roles: ['_admin']
      },
      "database/:database/_design/:ddoc/_show/:fn": {
        route: "tempFn",
        roles: ['_admin']
      },
      "database/:database/_design/:ddoc/metadata": {
        route: "designDocMetadata",
        roles: ['_admin']
      },
}}


> Fauxton auth is broken for fixed Admin Party
> --------------------------------------------
>
>                 Key: COUCHDB-2244
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2244
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Fauxton
>            Reporter: Alexander Shorin
>
> 1. Fix the Admin Party
> 2. Logout
> 3. Login as regular user (optional)
> You'll probably see the same effect as for COUCHDB-2243, but in
> addition you'll not be able to change your password, create replication, access to databases
> where even if you're explicitly defined as admin or member.
> Fauxton @ 2abdb2c



--
This message was sent by Atlassian JIRA
(v6.2#6252)
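
Added example, not part of the original message and not Fauxton's code: one way a per-route role list like the one quoted in the comment can be evaluated against a CouchDB session `userCtx` and a database `_security` object. The function names, the sample data and the mapping of `_security` membership onto `_reader`/`_writer`/`_admin` are assumptions; the session-only check is included for comparison because it denies a user who is named in `_security`, which is the symptom the issue describes.

```javascript
// Route patterns and role strings are the ones quoted in the comment above;
// every function name and the sample data below are constructed.
const routeRoles = {
  "database/:database/_all_docs(:extra)": ["_reader", "_writer", "_admin"],
  "database/:database/_design/:ddoc/_view/:view": ["_admin"],
};

// Comparison check: looks only at the roles reported by the session.
function sessionOnlyAllowed(route, userCtx) {
  const required = routeRoles[route] || [];
  return required.some((r) => userCtx.roles.includes(r));
}

// True when the user's name or one of their roles is listed in a section
// ("admins" or "members") of the database _security object.
function listed(section, userCtx) {
  const { names = [], roles = [] } = section || {};
  return names.includes(userCtx.name) || roles.some((r) => userCtx.roles.includes(r));
}

// Assumed mapping from CouchDB state to the role strings in the route table.
function effectiveRoles(userCtx, security) {
  const { admins, members } = security || {};
  const { names = [], roles = [] } = members || {};
  const isPublic = names.length === 0 && roles.length === 0; // no members set
  const out = new Set();
  if (userCtx.roles.includes("_admin") || listed(admins, userCtx)) out.add("_admin");
  if (out.has("_admin") || isPublic || listed(members, userCtx)) {
    out.add("_reader");
    out.add("_writer");
  }
  return out;
}

// Deny by default: an unknown route has no role list and is refused.
function allowed(route, userCtx, security) {
  const have = effectiveRoles(userCtx, security);
  return (routeRoles[route] || []).some((r) => have.has(r));
}

// Constructed sample: alice is a database admin by name, "staff" are members.
const security = {
  admins: { names: ["alice"], roles: [] },
  members: { names: [], roles: ["staff"] },
};
const alice = { name: "alice", roles: [] };
console.log(sessionOnlyAllowed("database/:database/_design/:ddoc/_view/:view", alice));
console.log(allowed("database/:database/_design/:ddoc/_view/:view", alice, security));
```

A client-side check of this kind only decides what the interface shows; CouchDB itself enforces `_security` on each request.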
