diff options
| author | John Christopher Anderson <jchris@apache.org> | 2010-04-07 19:51:04 +0000 |
|---|---|---|
| committer | John Christopher Anderson <jchris@apache.org> | 2010-04-07 19:51:04 +0000 |
| commit | 419a3545fadc3993da302fe7a35a773ac0ae0cac (patch) | |
| tree | 3763e9f224b37d7a84207a8044029e629112e5fa /share | |
| parent | a1b7461956b28bd0984f4f2e13d8a1228f352227 (diff) | |
temp_views should be only available to server and database admins
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@931655 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'share')
| -rw-r--r-- | share/www/script/test/reader_acl.js | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/share/www/script/test/reader_acl.js b/share/www/script/test/reader_acl.js index a3b6bd88..cc249ea4 100644 --- a/share/www/script/test/reader_acl.js +++ b/share/www/script/test/reader_acl.js @@ -76,10 +76,17 @@ couchTests.reader_acl = function(debug) { } }).ok); + T(CouchDB.login("jchris@apache.org", "funnybone").ok); + // db admin can read T(secretDb.open("baz").foo == "bar"); + // and run temp views + TEquals(secretDb.query(function(doc) { + emit(null, null) + }).total_rows, 1); + CouchDB.logout(); T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1); @@ -120,6 +127,17 @@ couchTests.reader_acl = function(debug) { // readers can query stored views T(secretDb.view("foo/bar").total_rows == 1); + // readers can't do temp views + try { + var results = secretDb.query(function(doc) { + emit(null, null); + }); + T(false && "temp view should be admin only"); + } catch (e) { + T(true && "temp view is admin only"); + } + + CouchDB.logout(); // can't set non string reader names or roles |