diff options
author | John Christopher Anderson <jchris@apache.org> | 2010-04-07 19:51:04 +0000 |
---|---|---|
committer | John Christopher Anderson <jchris@apache.org> | 2010-04-07 19:51:04 +0000 |
commit | 419a3545fadc3993da302fe7a35a773ac0ae0cac (patch) | |
tree | 3763e9f224b37d7a84207a8044029e629112e5fa | |
parent | a1b7461956b28bd0984f4f2e13d8a1228f352227 (diff) |
temp_views should be only available to server and database admins
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@931655 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | share/www/script/test/reader_acl.js | 18 | ||||
-rw-r--r-- | src/couchdb/couch_db.erl | 1 | ||||
-rw-r--r-- | src/couchdb/couch_httpd_view.erl | 1 |
3 files changed, 20 insertions, 0 deletions
diff --git a/share/www/script/test/reader_acl.js b/share/www/script/test/reader_acl.js index a3b6bd88..cc249ea4 100644 --- a/share/www/script/test/reader_acl.js +++ b/share/www/script/test/reader_acl.js @@ -76,10 +76,17 @@ couchTests.reader_acl = function(debug) { } }).ok); + T(CouchDB.login("jchris@apache.org", "funnybone").ok); + // db admin can read T(secretDb.open("baz").foo == "bar"); + // and run temp views + TEquals(secretDb.query(function(doc) { + emit(null, null) + }).total_rows, 1); + CouchDB.logout(); T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1); @@ -120,6 +127,17 @@ couchTests.reader_acl = function(debug) { // readers can query stored views T(secretDb.view("foo/bar").total_rows == 1); + // readers can't do temp views + try { + var results = secretDb.query(function(doc) { + emit(null, null); + }); + T(false && "temp view should be admin only"); + } catch (e) { + T(true && "temp view is admin only"); + } + + CouchDB.logout(); // can't set non string reader names or roles diff --git a/src/couchdb/couch_db.erl b/src/couchdb/couch_db.erl index 36ca4a42..622e0ee9 100644 --- a/src/couchdb/couch_db.erl +++ b/src/couchdb/couch_db.erl @@ -26,6 +26,7 @@ -export([set_security/2,get_security/1]). -export([init/1,terminate/2,handle_call/3,handle_cast/2,code_change/3,handle_info/2]). -export([changes_since/5,changes_since/6,read_doc/2,new_revid/1]). +-export([check_is_admin/1, check_is_reader/1]). -include("couch_db.hrl"). diff --git a/src/couchdb/couch_httpd_view.erl b/src/couchdb/couch_httpd_view.erl index 5be702ca..273689e7 100644 --- a/src/couchdb/couch_httpd_view.erl +++ b/src/couchdb/couch_httpd_view.erl @@ -77,6 +77,7 @@ handle_view_req(Req, _Db, _DDoc) -> send_method_not_allowed(Req, "GET,POST,HEAD"). handle_temp_view_req(#httpd{method='POST'}=Req, Db) -> + ok = couch_db:check_is_admin(Db), couch_stats_collector:increment({httpd, temporary_view_reads}), {Props} = couch_httpd:json_body_obj(Req), Language = proplists:get_value(<<"language">>, Props, <<"javascript">>), |