better validations on users db

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@897521 13f79535-47bb-0310-9956-ffa450edef68
author: John Christopher Anderson <jchris@apache.org> 2010-01-09 19:05:31 +0000
committer: John Christopher Anderson <jchris@apache.org> 2010-01-09 19:05:31 +0000
commit: a4d7386889ac73a69592a9c4b4e26f6c44b8e46f (patch)
tree: 6f60b7bf2b418c6c94729f7c2dfd7c9dc92081c3 /src/couchdb
parent: 9c3377b041f07be4bef472c0cd19cfe6e97f194d (diff)
1 files changed, 17 insertions, 9 deletions
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 554886ca..a1222df4 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -130,7 +130,13 @@ get_user_props_from_db(UserName) ->
     try couch_httpd_db:couch_doc_open(Db, DocId, nil, []) of
         #doc{}=Doc ->
             {DocProps} = couch_query_servers:json_doc(Doc),
-            DocProps
+            case proplists:get_value(<<"type">>, DocProps) of
+                <<"user">> -> 
+                    DocProps;
+                _Else -> 
+                    ?LOG_ERROR("Invalid user doc. Id: ~p",[DocId]),
+                    nil
+            end
     catch
         throw:Throw ->
             nil        
@@ -164,19 +170,21 @@ auth_design_doc(DocId) ->
     DocProps = [
         {<<"_id">>, DocId},
         {<<"language">>,<<"javascript">>},
-        {<<"views">>,
-            {[{<<"users">>,
-                {[{<<"map">>,
-                    <<"function (doc) {\n if (doc.type == \"user\") {\n        emit(doc.username, doc);\n}\n}">>
-                }]}
-            }]}
-        },
         {
             <<"validate_doc_update">>,
             <<"function(newDoc, oldDoc, userCtx) {
-                if (newDoc.type != 'user') {
+                if ((oldDoc || newDoc).type != 'user') {
                     return;
                 } // we only validate user docs for now
+                if (newDoc._deleted === true) {
+                    // allow deletes by admins and matching users 
+                    // without checking the other fields
+                    if ((userCtx.roles.indexOf('_admin') != -1) || (userCtx.name == oldDoc.username)) {
+                        return;
+                    } else {
+                        throw({forbidden : 'Only admins may delete other user docs.'});
+                    }
+                }
                 if (!newDoc.username) {
                     throw({forbidden : 'doc.username is required'});
                 }
author	John Christopher Anderson <jchris@apache.org>	2010-01-09 19:05:31 +0000
committer	John Christopher Anderson <jchris@apache.org>	2010-01-09 19:05:31 +0000
commit	a4d7386889ac73a69592a9c4b4e26f6c44b8e46f (patch)
tree	6f60b7bf2b418c6c94729f7c2dfd7c9dc92081c3 /src/couchdb
parent	9c3377b041f07be4bef472c0cd19cfe6e97f194d (diff)