diff options
| author | John Christopher Anderson <jchris@apache.org> | 2010-02-12 05:38:57 +0000 |
|---|---|---|
| committer | John Christopher Anderson <jchris@apache.org> | 2010-02-12 05:38:57 +0000 |
| commit | 64a52c788a5b7efb633b8a09d495665ed9a976b7 (patch) | |
| tree | 2e787ce0fde0a07e353279b2b5ab45f9691a39f5 /share/www/script/test/reader_acl.js | |
| parent | 15d10793a32a5fa57c80e9eab8803dc7d284ca6d (diff) | |
move from _admins / _readers / _security to just a single _security object
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@909247 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'share/www/script/test/reader_acl.js')
| -rw-r--r-- | share/www/script/test/reader_acl.js | 77 |
1 files changed, 51 insertions, 26 deletions
diff --git a/share/www/script/test/reader_acl.js b/share/www/script/test/reader_acl.js index a5fc6a1a..6f834bfb 100644 --- a/share/www/script/test/reader_acl.js +++ b/share/www/script/test/reader_acl.js @@ -35,9 +35,12 @@ couchTests.reader_acl = function(debug) { T(secretDb.save({_id:"baz",foo:"bar"}).ok); T(secretDb.open("baz").foo == "bar"); - T(secretDb.setDbProperty("_readers", { - roles : ["super-secret-club"], - names : ["joe","barb"]}).ok); + T(secretDb.setSecObj({ + "readers" : { + roles : ["super-secret-club"], + names : ["joe","barb"] + } + }).ok); // can't read it as jchris T(CouchDB.login("jchris@apache.org", "funnybone").ok); T(CouchDB.session().userCtx.name == "jchris@apache.org"); @@ -51,54 +54,76 @@ couchTests.reader_acl = function(debug) { CouchDB.logout(); - // make top-secret an admin - T(secretDb.setDbProperty("_admins", { - roles : ["top-secret"], - names : []}).ok); + // make anyone with the top-secret role an admin + // db admins are automatically readers + T(secretDb.setSecObj({ + "admins" : { + roles : ["top-secret"], + names : [] + }, + "readers" : { + roles : ["super-secret-club"], + names : ["joe","barb"] + } + }).ok); T(CouchDB.login("jchris@apache.org", "funnybone").ok); T(secretDb.open("baz").foo == "bar"); CouchDB.logout(); - - T(secretDb.setDbProperty("_admins", { - roles : [], - names : []}).ok); - - // admin now adds the top-secret role to the db's readers T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1); - T(secretDb.setDbProperty("_readers", { - roles : ["super-secret-club", "top-secret"], - names : ["joe","barb"]}).ok); + // admin now adds the top-secret role to the db's readers + // and removes db-admins + T(secretDb.setSecObj({ + "admins" : { + roles : [], + names : [] + }, + "readers" : { + roles : ["super-secret-club", "top-secret"], + names : ["joe","barb"] + } + }).ok); - // now top-secret users can read it + // server _admin can always read T(secretDb.open("baz").foo == "bar"); + + // now top-secret users can read too T(CouchDB.login("jchris@apache.org", "funnybone").ok); + T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1); T(secretDb.open("baz").foo == "bar"); CouchDB.logout(); // can't set non string reader names or roles try { - secretDb.setDbProperty("_readers", { - roles : ["super-secret-club", {"top-secret":"awesome"}], - names : ["joe","barb"]}); + secretDb.setSecObj({ + "readers" : { + roles : ["super-secret-club", {"top-secret":"awesome"}], + names : ["joe","barb"] + } + }) T(false && "only string roles"); } catch (e) {} try { - secretDb.setDbProperty("_readers", { - roles : ["super-secret-club", "top-secret"], - names : ["joe",22]}); + secretDb.setSecObj({ + "readers" : { + roles : ["super-secret-club", {"top-secret":"awesome"}], + names : ["joe",22] + } + }); T(false && "only string names"); } catch (e) {} try { - secretDb.setDbProperty("_readers", { - roles : ["super-secret-club", "top-secret"], - names : "joe" + secretDb.setSecObj({ + "readers" : { + roles : ["super-secret-club", {"top-secret":"awesome"}], + names : "joe" + } }); T(false && "only lists of names"); } catch (e) {} |