temp_views should be only available to server and database admins

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@931655 13f79535-47bb-0310-9956-ffa450edef68
author: John Christopher Anderson <jchris@apache.org> 2010-04-07 19:51:04 +0000
committer: John Christopher Anderson <jchris@apache.org> 2010-04-07 19:51:04 +0000
commit: 419a3545fadc3993da302fe7a35a773ac0ae0cac (patch)
tree: 3763e9f224b37d7a84207a8044029e629112e5fa /src/couchdb/couch_httpd_view.erl
parent: a1b7461956b28bd0984f4f2e13d8a1228f352227 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/couchdb/couch_httpd_view.erl b/src/couchdb/couch_httpd_view.erl
index 5be702ca..273689e7 100644
--- a/src/couchdb/couch_httpd_view.erl
+++ b/src/couchdb/couch_httpd_view.erl
@@ -77,6 +77,7 @@ handle_view_req(Req, _Db, _DDoc) ->
     send_method_not_allowed(Req, "GET,POST,HEAD").
 
 handle_temp_view_req(#httpd{method='POST'}=Req, Db) ->
+    ok = couch_db:check_is_admin(Db),
     couch_stats_collector:increment({httpd, temporary_view_reads}),
     {Props} = couch_httpd:json_body_obj(Req),
     Language = proplists:get_value(<<"language">>, Props, <<"javascript">>),
author	John Christopher Anderson <jchris@apache.org>	2010-04-07 19:51:04 +0000
committer	John Christopher Anderson <jchris@apache.org>	2010-04-07 19:51:04 +0000
commit	419a3545fadc3993da302fe7a35a773ac0ae0cac (patch)
tree	3763e9f224b37d7a84207a8044029e629112e5fa /src/couchdb/couch_httpd_view.erl
parent	a1b7461956b28bd0984f4f2e13d8a1228f352227 (diff)