summaryrefslogtreecommitdiff
path: root/src/couchdb
diff options
context:
space:
mode:
authorJohn Christopher Anderson <jchris@apache.org>2010-01-09 19:05:31 +0000
committerJohn Christopher Anderson <jchris@apache.org>2010-01-09 19:05:31 +0000
commita4d7386889ac73a69592a9c4b4e26f6c44b8e46f (patch)
tree6f60b7bf2b418c6c94729f7c2dfd7c9dc92081c3 /src/couchdb
parent9c3377b041f07be4bef472c0cd19cfe6e97f194d (diff)
better validations on users db
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@897521 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'src/couchdb')
-rw-r--r--src/couchdb/couch_httpd_auth.erl26
1 files changed, 17 insertions, 9 deletions
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 554886ca..a1222df4 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -130,7 +130,13 @@ get_user_props_from_db(UserName) ->
try couch_httpd_db:couch_doc_open(Db, DocId, nil, []) of
#doc{}=Doc ->
{DocProps} = couch_query_servers:json_doc(Doc),
- DocProps
+ case proplists:get_value(<<"type">>, DocProps) of
+ <<"user">> ->
+ DocProps;
+ _Else ->
+ ?LOG_ERROR("Invalid user doc. Id: ~p",[DocId]),
+ nil
+ end
catch
throw:Throw ->
nil
@@ -164,19 +170,21 @@ auth_design_doc(DocId) ->
DocProps = [
{<<"_id">>, DocId},
{<<"language">>,<<"javascript">>},
- {<<"views">>,
- {[{<<"users">>,
- {[{<<"map">>,
- <<"function (doc) {\n if (doc.type == \"user\") {\n emit(doc.username, doc);\n}\n}">>
- }]}
- }]}
- },
{
<<"validate_doc_update">>,
<<"function(newDoc, oldDoc, userCtx) {
- if (newDoc.type != 'user') {
+ if ((oldDoc || newDoc).type != 'user') {
return;
} // we only validate user docs for now
+ if (newDoc._deleted === true) {
+ // allow deletes by admins and matching users
+ // without checking the other fields
+ if ((userCtx.roles.indexOf('_admin') != -1) || (userCtx.name == oldDoc.username)) {
+ return;
+ } else {
+ throw({forbidden : 'Only admins may delete other user docs.'});
+ }
+ }
if (!newDoc.username) {
throw({forbidden : 'doc.username is required'});
}