Return-Path: Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: (qmail 13770 invoked from network); 9 Feb 2010 10:04:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 9 Feb 2010 10:04:52 -0000 Received: (qmail 64010 invoked by uid 500); 9 Feb 2010 10:04:51 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 63920 invoked by uid 500); 9 Feb 2010 10:04:51 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 63910 invoked by uid 99); 9 Feb 2010 10:04:51 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Feb 2010 10:04:51 +0000 X-ASF-Spam-Status: No, hits=1.5 required=10.0 tests=NORMAL_HTTP_TO_IP,SPF_PASS,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of b.candler@pobox.com designates 208.72.237.25 as permitted sender) Received: from [208.72.237.25] (HELO sasl.smtp.pobox.com) (208.72.237.25) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Feb 2010 10:04:41 +0000 Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 2CCCE989FC for ; Tue, 9 Feb 2010 05:04:21 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=date:from:to :subject:message-id:references:mime-version:content-type :in-reply-to; s=sasl; bh=apI7Z/Hlfq9ux8FRbAlXff5jJ+c=; b=MfU1AEP LaVo7VflJwDNz/MbhOgyvlZYpj4UlA56HBtzVSSoXQ4gk/LyHn7NHGmi3qDp+4C8 NhjRBOr0lhXuhhQyciUeBIG/YgUnPmN+j1XNpCXrUvly++BNTrVcVxc4TYsbRfVD kMM2v6wPQKAaSoEaOsaZtr1BGz6KMjMeD0oI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=date:from:to :subject:message-id:references:mime-version:content-type :in-reply-to; q=dns; s=sasl; b=A9vdx62mW7cPWmkickiz6WZYKp8FsTHev 4iVu1om66oWlyKaN8AeBFpEEzQYCHJxz5n0IEz/bcDcdSlZHVQhSeVb01mbHKJjp d+lxTl3kNVifUKtyyaEVJY/u2iPAc3WnZutgOcBpz8SDVb/PUnH2uMD055VqPjcE LNXmw1/Kks= Received: from a-pb-sasl-quonix. (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 29295989FB for ; Tue, 9 Feb 2010 05:04:21 -0500 (EST) Received: from zino (unknown [87.194.77.98]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id E401E989F9 for ; Tue, 9 Feb 2010 05:04:20 -0500 (EST) Received: from lists by zino with local (Exim 4.69) (envelope-from ) id 1Nemx9-0001NL-Uh for dev@couchdb.apache.org; Tue, 09 Feb 2010 10:04:19 +0000 Date: Tue, 9 Feb 2010 10:04:19 +0000 From: Brian Candler To: dev@couchdb.apache.org Subject: Re: DB ACLs (was Re: 0.11 Release / Feature Freeze for 1.0) Message-ID: <20100209100419.GB5270@uk.tiscali.com> References: <20100203212426.GA10515@uk.tiscali.com> <015a01caa529$3d24e230$b76ea690$@com> <2C591A9F-55E4-49DD-A3E3-9BA075EAE633@apache.org> <20100205224225.GA8463@uk.tiscali.com> <20100206095856.GA5057@uk.tiscali.com> <20100207091927.GA4771@uk.tiscali.com> <20100208161946.GA6227@uk.tiscali.com> <20100209100053.GA5270@uk.tiscali.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20100209100053.GA5270@uk.tiscali.com> User-Agent: Mutt/1.5.20 (2009-06-14) X-Pobox-Relay-ID: 7E1E5286-1562-11DF-B7D1-6AF7ED7EF46B-28021239!a-pb-sasl-quonix.pobox.com On Tue, Feb 09, 2010 at 10:00:53AM +0000, Brian Candler wrote: > Even going back to Admin Party it doesn't work: > > $ curl -X POST -d '{"map":"function(doc) {}"}' http://127.0.0.1:5984/briantest/_temp_view > {"error":"unauthorized","reason":"You are not authorized to access this db."} > > However I'm a bit perplexed as to why view_errors.js in the test suite is > still passing. I can see now. I had a non-empty _readers list, and for some reason this was preventing even system-level-admin or admin party mode from accessing _temp_view. Removing this resource made it work. $ curl http://127.0.0.1:5984/briantest/_readers {"names":["brian","brianadmin"],"roles":[]} $ curl http://127.0.0.1:5984/briantest/_admins {"names":["brianadmin"],"roles":[]} $ curl -d '{}' -X PUT http://127.0.0.1:5984/briantest/_readers {"ok":true} $ curl -X POST -d '{"map":"function(doc) { emit(JSON.stringify(123,null)); }"}' http://127.0.0.1:5984/briantest/_temp_view {"total_rows":0,"offset":0,"rows":[]}