move from _admins / _readers / _security to just a single _security object

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@909247 13f79535-47bb-0310-9956-ffa450edef68

3 files changed, 59 insertions, 32 deletions

diff --git a/share/www/script/couch.js b/share/www/script/couch.js
index 4438a870..c5495424 100644
--- a/share/www/script/couch.js
+++ b/share/www/script/couch.js
@@ -263,16 +263,16 @@ function CouchDB(name, httpHeaders) {
     return JSON.parse(this.last_req.responseText);
   }
 
-  this.setAdmins = function(adminsArray) {
-    this.last_req = this.request("PUT", this.uri + "_admins",{
-      body:JSON.stringify(adminsArray)
+  this.setSecObj = function(secObj) {
+    this.last_req = this.request("PUT", this.uri + "_security",{
+      body:JSON.stringify(secObj)
     });
     CouchDB.maybeThrowError(this.last_req);
     return JSON.parse(this.last_req.responseText);
   }
 
-  this.getAdmins = function() {
-    this.last_req = this.request("GET", this.uri + "_admins");
+  this.getSecObj = function() {
+    this.last_req = this.request("GET", this.uri + "_security");
     CouchDB.maybeThrowError(this.last_req);
     return JSON.parse(this.last_req.responseText);
   }
diff --git a/share/www/script/test/reader_acl.js b/share/www/script/test/reader_acl.js
index a5fc6a1a..6f834bfb 100644
--- a/share/www/script/test/reader_acl.js
+++ b/share/www/script/test/reader_acl.js
@@ -35,9 +35,12 @@ couchTests.reader_acl = function(debug) {
       T(secretDb.save({_id:"baz",foo:"bar"}).ok);
       T(secretDb.open("baz").foo == "bar");
 
-      T(secretDb.setDbProperty("_readers", {
-        roles : ["super-secret-club"],
-        names : ["joe","barb"]}).ok);
+      T(secretDb.setSecObj({
+        "readers" : {
+          roles : ["super-secret-club"],
+          names : ["joe","barb"]
+        }
+      }).ok);
       // can't read it as jchris
       T(CouchDB.login("jchris@apache.org", "funnybone").ok);
       T(CouchDB.session().userCtx.name == "jchris@apache.org");
@@ -51,54 +54,76 @@ couchTests.reader_acl = function(debug) {
 
       CouchDB.logout();
       
-      // make top-secret an admin
-      T(secretDb.setDbProperty("_admins", {
-        roles : ["top-secret"],
-        names : []}).ok);
+      // make anyone with the top-secret role an admin
+      // db admins are automatically readers
+      T(secretDb.setSecObj({
+        "admins" : {
+          roles : ["top-secret"],
+          names : []
+        },
+        "readers" : {
+          roles : ["super-secret-club"],
+          names : ["joe","barb"]
+        }
+      }).ok);
 
       T(CouchDB.login("jchris@apache.org", "funnybone").ok);
 
       T(secretDb.open("baz").foo == "bar");
 
       CouchDB.logout();
-
-      T(secretDb.setDbProperty("_admins", {
-        roles : [],
-        names : []}).ok);
-
-      // admin now adds the top-secret role to the db's readers
       T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1);
 
-      T(secretDb.setDbProperty("_readers", {
-        roles : ["super-secret-club", "top-secret"],
-        names : ["joe","barb"]}).ok);
+      // admin now adds the top-secret role to the db's readers
+      // and removes db-admins
+      T(secretDb.setSecObj({
+        "admins" : {
+          roles : [],
+          names : []
+        },
+        "readers" : {
+          roles : ["super-secret-club", "top-secret"],
+          names : ["joe","barb"]
+        }
+      }).ok);
 
-      // now top-secret users can read it
+      // server _admin can always read
       T(secretDb.open("baz").foo == "bar");
+
+      // now top-secret users can read too
       T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+      T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1);
       T(secretDb.open("baz").foo == "bar");
       
       CouchDB.logout();
 
       // can't set non string reader names or roles
       try {
-        secretDb.setDbProperty("_readers", {
-          roles : ["super-secret-club", {"top-secret":"awesome"}],
-          names : ["joe","barb"]});
+        secretDb.setSecObj({
+          "readers" : {
+            roles : ["super-secret-club", {"top-secret":"awesome"}],
+            names : ["joe","barb"]
+          }
+        })
         T(false && "only string roles");
       } catch (e) {}
 
       try {
-        secretDb.setDbProperty("_readers", {
-          roles : ["super-secret-club", "top-secret"],
-          names : ["joe",22]});
+        secretDb.setSecObj({
+          "readers" : {
+            roles : ["super-secret-club", {"top-secret":"awesome"}],
+            names : ["joe",22]
+          }
+        });
         T(false && "only string names");
       } catch (e) {}
       
       try {
-        secretDb.setDbProperty("_readers", {
-          roles : ["super-secret-club", "top-secret"],
-          names : "joe"
+        secretDb.setSecObj({
+          "readers" : {
+            roles : ["super-secret-club", {"top-secret":"awesome"}],
+            names : "joe"
+          }
         });
         T(false && "only lists of names");
       } catch (e) {}
diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js
index d618a5ac..94fe62c4 100644
--- a/share/www/script/test/security_validation.js
+++ b/share/www/script/test/security_validation.js
@@ -105,7 +105,9 @@ couchTests.security_validation = function(debug) {
       }
 
       // set user as the admin
-      T(db.setDbProperty("_admins", {names : ["Damien Katz"]}).ok);
+      T(db.setSecObj({
+        admins : {names : ["Damien Katz"]}
+      }).ok);
 
       T(userDb.save(designDoc).ok);