couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: DB ACLs (was Re: 0.11 Release / Feature Freeze for 1.0)
Date Tue, 09 Feb 2010 17:04:49 GMT
On Tue, Feb 9, 2010 at 2:04 AM, Brian Candler <B.Candler@pobox.com> wrote:
> On Tue, Feb 09, 2010 at 10:00:53AM +0000, Brian Candler wrote:
>> Even going back to Admin Party it doesn't work:
>>
>> $ curl -X POST -d '{"map":"function(doc) {}"}' http://127.0.0.1:5984/briantest/_temp_view
>> {"error":"unauthorized","reason":"You are not authorized to access this db."}
>>
>> However I'm a bit perplexed as to why view_errors.js in the test suite is
>> still passing.
>
> I can see now. I had a non-empty _readers list, and for some reason this was
> preventing even system-level-admin or admin party mode from accessing
> _temp_view. Removing this resource made it work.

If you do a get against /_session does it show you as an admin?

couch_db:check_is_admin() should allow access in this case.

If you can reliably reproduce this, I'd like to fix it.

>
> $ curl http://127.0.0.1:5984/briantest/_readers
> {"names":["brian","brianadmin"],"roles":[]}
>
> $ curl http://127.0.0.1:5984/briantest/_admins
> {"names":["brianadmin"],"roles":[]}
>
> $ curl -d '{}' -X PUT http://127.0.0.1:5984/briantest/_readers
> {"ok":true}
>
> $ curl -X POST -d '{"map":"function(doc) { emit(JSON.stringify(123,null)); }"}' http://127.0.0.1:5984/briantest/_temp_view
> {"total_rows":0,"offset":0,"rows":[]}
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Mime
View raw message