author | Filipe David Borba Manana <fdmanana@apache.org> | 2010-11-17 11:41:44 +0000 |
---|---|---|
committer | Filipe David Borba Manana <fdmanana@apache.org> | 2010-11-17 11:41:44 +0000 |
commit | e058233672db611c9046f1af69952d093db09606 (patch) | |
tree | 19ec539bdf03543e930014bbcb8995bd892afa78 | |
parent | 2fd61c4f5174e297ca09dd63f6916820328d3ebd (diff) |
Replicator DB: removed some restrictions from the default document update validation function and added some logging.
1) Now it's easier to replicate to the replicator DB and by default it's writable by any user
(just like any user can POST to /_replicate/);
2) The logging in the document validation function allows us to see in the log, after a replication,
why a document was not written to the target replicator DB.
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@1035986 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | share/www/script/test/replicator_db.js | 62 | ||||
-rw-r--r-- | src/couchdb/couch_js_functions.hrl | 53 | ||||
-rw-r--r-- | src/couchdb/couch_rep.erl | 2 |
3 files changed, 15 insertions, 102 deletions
diff --git a/share/www/script/test/replicator_db.js b/share/www/script/test/replicator_db.js index 30468006..2e558f3e 100644 --- a/share/www/script/test/replicator_db.js +++ b/share/www/script/test/replicator_db.js @@ -470,64 +470,6 @@ couchTests.replicator_db = function(debug) { } - function rep_db_write_authorization() { - populate_db(dbA, docs1); - populate_db(dbB, []); - - var server_admins_config = [ - { - section: "admins", - key: "fdmanana", - value: "qwerty" - } - ]; - - run_on_modified_server(server_admins_config, function() { - var repDoc = { - _id: "foo_rep_doc", - source: dbA.name, - target: dbB.name - }; - - try { - repDb.save(repDoc); - T(false && "Should have thrown an exception"); - } catch (x) { - T(x["error"] === "forbidden"); - } - - T(CouchDB.login("fdmanana", "qwerty").ok); - T(CouchDB.session().userCtx.name === "fdmanana"); - T(CouchDB.session().userCtx.roles.indexOf("_admin") !== -1); - - T(repDb.save(repDoc).ok); - - waitForRep(repDb, repDoc, "completed"); - for (var i = 0; i < docs1.length; i++) { - var doc = docs1[i]; - var copy = dbB.open(doc._id); - T(copy !== null); - T(copy.value === doc.value); - } - - repDoc = repDb.open("foo_rep_doc"); - T(repDoc !== null); - - repDoc.target = "test_suite_foo_db"; - repDoc.create_target = true; - - // Only the replicator can update replication documents. - // Admins can only add and delete replication documents. - try { - repDb.save(repDoc); - T(false && "Should have thrown an exception"); - } catch (x) { - T(x["error"] === "forbidden"); - } - }); - } - - function test_replication_credentials_delegation() { populate_db(usersDb, []); @@ -745,10 +687,6 @@ couchTests.replicator_db = function(debug) { restartServer(); run_on_modified_server(server_config, identical_continuous_rep_docs); - repDb.deleteDb(); - restartServer(); - run_on_modified_server(server_config, rep_db_write_authorization); - var server_config_2 = server_config.concat([ { section: "couch_httpd_auth", 
diff --git a/src/couchdb/couch_js_functions.hrl b/src/couchdb/couch_js_functions.hrl
index f850dd4c..e2121aa9 100644
--- a/src/couchdb/couch_js_functions.hrl
+++ b/src/couchdb/couch_js_functions.hrl
@@ -99,55 +99,32 @@ -define(REP_DB_DOC_VALIDATE_FUN, <<" function(newDoc, oldDoc, userCtx) { - var isAdmin = (userCtx.roles.indexOf('_admin') >= 0); - var isReplicator = (userCtx.roles.indexOf('_replicator') >= 0); - - if (oldDoc && !newDoc._deleted && !isReplicator) { - throw({forbidden: - 'Only the replicator can edit replication documents. ' + - 'Admins can only add and delete replication documents.' - }); - } else if (!isAdmin) { - throw({forbidden: - 'Only admins may add/delete replication documents.' - }); - } - - if (!oldDoc && newDoc.state) { - throw({forbidden: - 'The state field can only be set by the replicator.' - }); - } + if (newDoc.user_ctx) { - if (!oldDoc && newDoc.replication_id) { - throw({forbidden: - 'The replication_id field can only be set by the replicator.' - }); - } + function reportError(error_msg) { + log('Error writing document ' + newDoc._id + + ' to replicator DB: ' + error_msg); + throw({forbidden: error_msg}); + } - if (newDoc.user_ctx) { var user_ctx = newDoc.user_ctx; if (typeof user_ctx !== 'object') { - throw({forbidden: 'The user_ctx property must be an object.'}); + reportError('The user_ctx property must be an object.'); } if (!(user_ctx.name === null || (typeof user_ctx.name === 'undefined') || ((typeof user_ctx.name === 'string') && user_ctx.name.length > 0))) { - throw({forbidden: - 'The name property of the user_ctx must be a ' + - 'non-empty string.' - }); + reportError('The name property of the user_ctx must be a ' + + 'non-empty string.'); } if ((typeof user_ctx.roles !== 'undefined') && (typeof user_ctx.roles.length !== 'number')) { - throw({forbidden: - 'The roles property of the user_ctx must be ' + - 'an array of strings.' - }); + reportError('The roles property of the user_ctx must be ' + + 'an array of strings.'); } if (user_ctx.roles) { 
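Review bot: Nothing in the new validation function ties `newDoc.user_ctx` to the `userCtx` of the user writing the document, and the `isAdmin`/`isReplicator` gate that used to limit who could write is removed in this hunk. A non-admin writer can therefore store a document whose `user_ctx.name` names another user, or whose roles they do not hold, as long as no role starts with an underscore. If the replicator later acts under the document's `user_ctx` (not visible here), that lets one user have replications run with another user's identity. For non-admin writers the name should be required to equal `userCtx.name` and the roles to be a subset of `userCtx.roles`, placed after the existing shape checks. The function body continues past the end of this hunk.

```javascript
var user_ctx = newDoc.user_ctx;
// … unchanged: type checks on user_ctx, user_ctx.name and user_ctx.roles …
var isAdmin = (userCtx.roles.indexOf('_admin') >= 0);

if (!isAdmin && user_ctx.name !== userCtx.name) {
  reportError('The user_ctx name must match the user writing the document.');
}

if (!isAdmin && user_ctx.roles) {
  for (var j = 0; j < user_ctx.roles.length; j++) {
    if (userCtx.roles.indexOf(user_ctx.roles[j]) < 0) {
      reportError('The user_ctx roles must be roles held by ' +
        'the user writing the document.');
    }
  }
}
```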
@@ -155,13 +132,11 @@ var role = user_ctx.roles[i]; if (typeof role !== 'string' || role.length === 0) { - throw({forbidden: 'Roles must be non-empty strings.'}); + reportError('Each role must be a non-empty string.'); } if (role[0] === '_') { - throw({forbidden: - 'System roles (starting with underscore) ' + - 'are not allowed.' - }); + reportError('System roles (starting with underscore) ' + + 'are not allowed.'); } } } diff --git a/src/couchdb/couch_rep.erl b/src/couchdb/couch_rep.erl index d35471c5..e288efa6 100644 --- a/src/couchdb/couch_rep.erl +++ b/src/couchdb/couch_rep.erl @@ -862,7 +862,7 @@ maybe_set_triggered({RepProps} = RepDoc, RepId) -> ensure_rep_db_exists() -> DbName = ?l2b(couch_config:get("replicator", "db", "_replicator")), Opts = [ - {user_ctx, #user_ctx{roles=[<<"_admin">>, <<"_replicator">>]}}, + {user_ctx, #user_ctx{roles=[<<"_admin">>]}}, sys_db ], case couch_db:open(DbName, Opts) of |
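Review bot: The `Opts` list in `ensure_rep_db_exists/0` carries no comment saying why the database is opened with an `_admin` user_ctx, and with `<<"_replicator">>` dropped it is worth recording that the role is no longer consulted by the validation function changed in this commit. Suggest adding `% Opened as _admin so the replicator can create and update the system db; REP_DB_DOC_VALIDATE_FUN no longer checks the _replicator role.` above `Opts = [`. Any other call site that still passes `<<"_replicator">>` in a `#user_ctx{}` is outside this hunk and should be checked so the role does not linger as an unused privilege. The body of `ensure_rep_db_exists/0` continues past the end of the hunk.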