couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joan Touzet (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COUCHDB-2319) _all_dbs should only list databases to which the user has access
Date Wed, 03 Sep 2014 22:58:52 GMT
Joan Touzet created COUCHDB-2319:
------------------------------------

             Summary: _all_dbs should only list databases to which the user has access
                 Key: COUCHDB-2319
                 URL: https://issues.apache.org/jira/browse/COUCHDB-2319
             Project: CouchDB
          Issue Type: Improvement
      Security Level: public (Regular issues)
          Components: Database Core
            Reporter: Joan Touzet


C.f. discussion around COUCHDB-1631.

On a GET /_all_dbs:
  * If you are an admin, or if CouchDB is in "admin party," you should be able to see all
databases.
  * If you are a user or unauthenticated, you should only see those databases for which you
have read access.
  * If you are a user with access to no databases, or unauthenticated and no databases are
publicly readalbe, we can return an empty set, or optionally the same error message as today
, such as 

{code:javascript}
{"error":"unauthorized","reason":"You have access to no databases."}
{code}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message