diff options
| -rw-r--r-- | share/www/script/test/security_validation.js | 6 | ||||
| -rw-r--r-- | src/couchdb/couch_db.erl | 4 |
2 files changed, 9 insertions, 1 deletions
diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js index 9ecb9ba0..d618a5ac 100644 --- a/share/www/script/test/security_validation.js +++ b/share/www/script/test/security_validation.js @@ -187,6 +187,12 @@ couchTests.security_validation = function(debug) { T(db.setDbProperty("_security", {admin_override : true}).ok); T(db.save(doc).ok); + // try to do something lame + try { + db.setDbProperty("_security", ["foo"]); + T(false && "can't do this"); + } catch(e) {} + // go back to normal T(db.setDbProperty("_security", {admin_override : false}).ok); diff --git a/src/couchdb/couch_db.erl b/src/couchdb/couch_db.erl index aee3bf95..39ce6a9b 100644 --- a/src/couchdb/couch_db.erl +++ b/src/couchdb/couch_db.erl @@ -294,7 +294,9 @@ get_security(#db{security=SecProps}) -> set_security(#db{security=SecProps, update_pid=Pid}=Db, {SecObjProps}) when is_list(SecObjProps) -> check_is_admin(Db), SecProps2 = update_sec_field(sec_obj, SecProps, {SecObjProps}), - gen_server:call(Pid, {set_security, SecProps2}, infinity). + gen_server:call(Pid, {set_security, SecProps2}, infinity); +set_security(_, _) -> + throw(bad_request). update_sec_field(Field, SecProps, Value) -> Admins = proplists:get_value(admins, SecProps, {[]}), |