incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel MacDonald (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-1155) Etag send by list function does not depend on userCtx
Date Tue, 02 Oct 2012 23:57:07 GMT


Daniel MacDonald commented on COUCHDB-1155:

I just ran in to this too. The suggested workaround of assigning roles to each user is especially
annoying because normally only admins can assign roles, and I need to let anonymous users
signup. I hacked this by allowing _design/auth/validate_doc_update to permit a special per-user
role, but I felt dirty about it.
> Etag send by list function does not depend on userCtx
> -----------------------------------------------------
>                 Key: COUCHDB-1155
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 1.0.2
>            Reporter: Johannes J. Schmidt
>            Assignee: Randall Leeds
> List functions should send a different Etag when requested by different users.
> The following curl session shows identical Etags for different users. CouchDB must not
be in admin party mode.
> DB=testdb
> # admin credentials for db creation
> ADMIN=admin:secure
> # this user must have an empty roles array
> USER=user:secure
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/foo -d '{"count":1}'
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/_design/foo -d '{ "views": { "bar": { "map":
"function(doc) { emit(doc._id, null); }" } }, "lists": { "bar": "function(head, req) { return || \"anonymous\" }" }}'
> curl -s $PROTOCOL://$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
> curl -s $PROTOCOL://$USER@$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
> #=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
> #=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
> This issue is important for standalone CouchDB applications which use list functions
depending on the user context, eg. showing a login button or username.
> regards
> Johannes
> PS: I tried to write a javascript test case but this issue can only be reproduced if
the server is not in admin party mode, which the test suite requires. I am not so familar
with those tests to temporarily change the admin party.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message