temp_views should be only available to server and database admins

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@931655 13f79535-47bb-0310-9956-ffa450edef68
author: John Christopher Anderson <jchris@apache.org> 2010-04-07 19:51:04 +0000
committer: John Christopher Anderson <jchris@apache.org> 2010-04-07 19:51:04 +0000
commit: 419a3545fadc3993da302fe7a35a773ac0ae0cac (patch)
tree: 3763e9f224b37d7a84207a8044029e629112e5fa /src/couchdb
parent: a1b7461956b28bd0984f4f2e13d8a1228f352227 (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/src/couchdb/couch_db.erl b/src/couchdb/couch_db.erl
index 36ca4a42..622e0ee9 100644
--- a/src/couchdb/couch_db.erl
+++ b/src/couchdb/couch_db.erl
@@ -26,6 +26,7 @@
 -export([set_security/2,get_security/1]).
 -export([init/1,terminate/2,handle_call/3,handle_cast/2,code_change/3,handle_info/2]).
 -export([changes_since/5,changes_since/6,read_doc/2,new_revid/1]).
+-export([check_is_admin/1, check_is_reader/1]).
 
 -include("couch_db.hrl").
 
diff --git a/src/couchdb/couch_httpd_view.erl b/src/couchdb/couch_httpd_view.erl
index 5be702ca..273689e7 100644
--- a/src/couchdb/couch_httpd_view.erl
+++ b/src/couchdb/couch_httpd_view.erl
@@ -77,6 +77,7 @@ handle_view_req(Req, _Db, _DDoc) ->
     send_method_not_allowed(Req, "GET,POST,HEAD").
 
 handle_temp_view_req(#httpd{method='POST'}=Req, Db) ->
+    ok = couch_db:check_is_admin(Db),
     couch_stats_collector:increment({httpd, temporary_view_reads}),
     {Props} = couch_httpd:json_body_obj(Req),
     Language = proplists:get_value(<<"language">>, Props, <<"javascript">>),
author	John Christopher Anderson <jchris@apache.org>	2010-04-07 19:51:04 +0000
committer	John Christopher Anderson <jchris@apache.org>	2010-04-07 19:51:04 +0000
commit	419a3545fadc3993da302fe7a35a773ac0ae0cac (patch)
tree	3763e9f224b37d7a84207a8044029e629112e5fa /src/couchdb
parent	a1b7461956b28bd0984f4f2e13d8a1228f352227 (diff)