diff options
-rw-r--r-- | share/www/script/test/security_validation.js | 16 | ||||
-rw-r--r-- | src/couchdb/couch_db.erl | 2 |
2 files changed, 14 insertions, 4 deletions
diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js index 5bd70cd0..415c8e70 100644 --- a/share/www/script/test/security_validation.js +++ b/share/www/script/test/security_validation.js @@ -111,6 +111,18 @@ couchTests.security_validation = function(debug) { T(userDb.save(designDoc).ok); + var user2Db = new CouchDB("test_suite_db", + {"WWW-Authenticate": "X-Couch-Test-Auth Jan Lehnardt:apple"} + ); + // Attempt to save the design as a non-admin (in replication scenario) + try { + user2Db.save(designDoc, {new_edits : false}); + T(false && "Can't get here. Should have thrown an error on design doc"); + } catch (e) { + T(e.error == "unauthorized"); + T(user2Db.last_req.status == 401); + } + // test the _session API var resp = userDb.request("GET", "/_session"); var user = JSON.parse(resp.responseText).userCtx; @@ -134,10 +146,6 @@ couchTests.security_validation = function(debug) { } // Now attempt to update the document as a different user, Jan - var user2Db = new CouchDB("test_suite_db", - {"WWW-Authenticate": "X-Couch-Test-Auth Jan Lehnardt:apple"} - ); - var doc = user2Db.open("testdoc"); doc.foo=3; try { diff --git a/src/couchdb/couch_db.erl b/src/couchdb/couch_db.erl index 80f0d7bf..34b4f3fb 100644 --- a/src/couchdb/couch_db.erl +++ b/src/couchdb/couch_db.erl @@ -368,6 +368,8 @@ update_doc(Db, Doc, Options, UpdateType) -> case update_docs(Db, [Doc], Options, UpdateType) of {ok, [{ok, NewRev}]} -> {ok, NewRev}; + {ok, [{{_Id, _Rev}, Error}]} -> + throw(Error); {ok, [Error]} -> throw(Error); {ok, []} -> |