-rw-r--r--share/www/script/test/replicator_db.js62
-rw-r--r--src/couchdb/couch_js_functions.hrl53
-rw-r--r--src/couchdb/couch_rep.erl2
3 files changed, 15 insertions, 102 deletions
diff --git a/share/www/script/test/replicator_db.js b/share/www/script/test/replicator_db.js
index 30468006..2e558f3e 100644
--- a/share/www/script/test/replicator_db.js
+++ b/share/www/script/test/replicator_db.js
@@ -470,64 +470,6 @@ couchTests.replicator_db = function(debug) {
}
- function rep_db_write_authorization() {
- populate_db(dbA, docs1);
- populate_db(dbB, []);
-
- var server_admins_config = [
- {
- section: "admins",
- key: "fdmanana",
- value: "qwerty"
- }
- ];
-
- run_on_modified_server(server_admins_config, function() {
- var repDoc = {
- _id: "foo_rep_doc",
- source: dbA.name,
- target: dbB.name
- };
-
- try {
- repDb.save(repDoc);
- T(false && "Should have thrown an exception");
- } catch (x) {
- T(x["error"] === "forbidden");
- }
-
- T(CouchDB.login("fdmanana", "qwerty").ok);
- T(CouchDB.session().userCtx.name === "fdmanana");
- T(CouchDB.session().userCtx.roles.indexOf("_admin") !== -1);
-
- T(repDb.save(repDoc).ok);
-
- waitForRep(repDb, repDoc, "completed");
- for (var i = 0; i < docs1.length; i++) {
- var doc = docs1[i];
- var copy = dbB.open(doc._id);
- T(copy !== null);
- T(copy.value === doc.value);
- }
-
- repDoc = repDb.open("foo_rep_doc");
- T(repDoc !== null);
-
- repDoc.target = "test_suite_foo_db";
- repDoc.create_target = true;
-
- // Only the replicator can update replication documents.
- // Admins can only add and delete replication documents.
- try {
- repDb.save(repDoc);
- T(false && "Should have thrown an exception");
- } catch (x) {
- T(x["error"] === "forbidden");
- }
- });
- }
-
-
function test_replication_credentials_delegation() {
populate_db(usersDb, []);
@@ -745,10 +687,6 @@ couchTests.replicator_db = function(debug) {
restartServer();
run_on_modified_server(server_config, identical_continuous_rep_docs);
- repDb.deleteDb();
- restartServer();
- run_on_modified_server(server_config, rep_db_write_authorization);
-
var server_config_2 = server_config.concat([
{
section: "couch_httpd_auth",
diff --git a/src/couchdb/couch_js_functions.hrl b/src/couchdb/couch_js_functions.hrl
index f850dd4c..e2121aa9 100644
--- a/src/couchdb/couch_js_functions.hrl
+++ b/src/couchdb/couch_js_functions.hrl
@@ -99,55 +99,32 @@
-define(REP_DB_DOC_VALIDATE_FUN, <<"
function(newDoc, oldDoc, userCtx) {
- var isAdmin = (userCtx.roles.indexOf('_admin') >= 0);
- var isReplicator = (userCtx.roles.indexOf('_replicator') >= 0);
-
- if (oldDoc && !newDoc._deleted && !isReplicator) {
- throw({forbidden:
- 'Only the replicator can edit replication documents. ' +
- 'Admins can only add and delete replication documents.'
- });
- } else if (!isAdmin) {
- throw({forbidden:
- 'Only admins may add/delete replication documents.'
- });
- }
-
- if (!oldDoc && newDoc.state) {
- throw({forbidden:
- 'The state field can only be set by the replicator.'
- });
- }
+ if (newDoc.user_ctx) {
- if (!oldDoc && newDoc.replication_id) {
- throw({forbidden:
- 'The replication_id field can only be set by the replicator.'
- });
- }
+ function reportError(error_msg) {
+ log('Error writing document ' + newDoc._id +
+ ' to replicator DB: ' + error_msg);
+ throw({forbidden: error_msg});
+ }
- if (newDoc.user_ctx) {
var user_ctx = newDoc.user_ctx;
if (typeof user_ctx !== 'object') {
- throw({forbidden: 'The user_ctx property must be an object.'});
+ reportError('The user_ctx property must be an object.');
}
if (!(user_ctx.name === null ||
(typeof user_ctx.name === 'undefined') ||
((typeof user_ctx.name === 'string') &&
user_ctx.name.length > 0))) {
- throw({forbidden:
- 'The name property of the user_ctx must be a ' +
- 'non-empty string.'
- });
+ reportError('The name property of the user_ctx must be a ' +
+ 'non-empty string.');
}
if ((typeof user_ctx.roles !== 'undefined') &&
(typeof user_ctx.roles.length !== 'number')) {
- throw({forbidden:
- 'The roles property of the user_ctx must be ' +
- 'an array of strings.'
- });
+ reportError('The roles property of the user_ctx must be ' +
+ 'an array of strings.');
}
if (user_ctx.roles) {
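Review bot: With the `isAdmin`/`isReplicator` checks and the `state`/`replication_id` guards removed, this validation function only acts when `newDoc.user_ctx` is present and no longer restricts who may create, edit or delete replication documents; nothing in the visible hunks shows where that is enforced instead, and the `rep_db_write_authorization` test is deleted in the same commit. If write access is now meant to come from the database's own security settings, state that at the top of the function, e.g. `// Write access is not checked here; it is expected to be enforced by the replicator database's security settings.`, and keep a test asserting that an unauthorised write is rejected. Separately, `reportError` concatenates the client-supplied `newDoc._id` into the server log as-is, so the id should be quoted or encoded before it is logged to keep log lines unambiguous. The validation function continues past the end of this hunk.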
@@ -155,13 +132,11 @@
var role = user_ctx.roles[i];
if (typeof role !== 'string' || role.length === 0) {
- throw({forbidden: 'Roles must be non-empty strings.'});
+ reportError('Each role must be a non-empty string.');
}
if (role[0] === '_') {
- throw({forbidden:
- 'System roles (starting with underscore) ' +
- 'are not allowed.'
- });
+ reportError('System roles (starting with underscore) ' +
+ 'are not allowed.');
}
}
}
diff --git a/src/couchdb/couch_rep.erl b/src/couchdb/couch_rep.erl
index d35471c5..e288efa6 100644
--- a/src/couchdb/couch_rep.erl
+++ b/src/couchdb/couch_rep.erl
@@ -862,7 +862,7 @@ maybe_set_triggered({RepProps} = RepDoc, RepId) ->
ensure_rep_db_exists() ->
DbName = ?l2b(couch_config:get("replicator", "db", "_replicator")),
Opts = [
- {user_ctx, #user_ctx{roles=[<<"_admin">>, <<"_replicator">>]}},
+ {user_ctx, #user_ctx{roles=[<<"_admin">>]}},
sys_db
],
case couch_db:open(DbName, Opts) of