summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--share/Makefile.am2
-rw-r--r--share/www/database.html2
-rw-r--r--share/www/dialog/_database_security.html50
-rw-r--r--share/www/script/couch_tests.js1
-rw-r--r--share/www/script/futon.browse.js26
-rw-r--r--share/www/script/jquery.couch.js19
-rw-r--r--share/www/script/test/reader_acl.js95
-rw-r--r--share/www/script/test/security_validation.js38
-rw-r--r--share/www/style/layout.css1
-rw-r--r--src/couchdb/couch_db.erl132
-rw-r--r--src/couchdb/couch_db.hrl8
-rw-r--r--src/couchdb/couch_db_updater.erl37
-rw-r--r--src/couchdb/couch_doc.erl4
-rw-r--r--src/couchdb/couch_httpd_db.erl25
-rw-r--r--src/couchdb/couch_query_servers.erl6
15 files changed, 389 insertions, 57 deletions
diff --git a/share/Makefile.am b/share/Makefile.am
index a66e065a4..0288ada6 100644
--- a/share/Makefile.am
+++ b/share/Makefile.am
@@ -48,6 +48,7 @@ nobase_dist_localdata_DATA = \
www/dialog/_create_database.html \
www/dialog/_delete_database.html \
www/dialog/_delete_document.html \
+ www/dialog/_database_security.html \
www/dialog/_save_view_as.html \
www/dialog/_upload_attachment.html \
www/document.html \
@@ -134,6 +135,7 @@ nobase_dist_localdata_DATA = \
www/script/test/multiple_rows.js \
www/script/test/oauth.js \
www/script/test/purge.js \
+ www/script/test/reader_acl.js \
www/script/test/recreate_doc.js \
www/script/test/reduce.js \
www/script/test/reduce_builtin.js \
diff --git a/share/www/database.html b/share/www/database.html
index ea15a66f..7bc04c11 100644
--- a/share/www/database.html
+++ b/share/www/database.html
@@ -117,6 +117,7 @@ specific language governing permissions and limitations under the License.
$("#toolbar button.add").click(page.newDocument);
$("#toolbar button.compact").click(page.compactAndCleanup);
$("#toolbar button.delete").click(page.deleteDatabase);
+ $("#toolbar button.security").click(page.databaseSecurity);
$('#jumpto input').suggest(function(text, callback) {
page.db.allDocs({
@@ -161,6 +162,7 @@ specific language governing permissions and limitations under the License.
</div>
<ul id="toolbar">
<li><button class="add">New Document</button></li>
+ <li><button class="security">Security…</button></li>
<li><button class="compact">Compact &amp; Cleanup…</button></li>
<li><button class="delete">Delete Database…</button></li>
</ul>
diff --git a/share/www/dialog/_database_security.html b/share/www/dialog/_database_security.html
new file mode 100644
index 00000000..71771f9e
--- /dev/null
+++ b/share/www/dialog/_database_security.html
@@ -0,0 +1,50 @@
+<!--
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License. You may obtain a copy of the
+License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+
+-->
+<form action="" method="post">
+ <h2>Admins and Readers</h2>
+ <p class="help">
+ Each database contains lists of admins and readers.
+ Admins and readers are each defined by <tt>names</tt> and <tt>roles</tt>, which are lists of strings. For example, if the readers is defined by <tt>names ["jane", "mike"]</tt> and roles <tt>["bbq"]</tt> then anyone with a <tt>"bbq"</tt> role can read the database. Yummy!
+ </p>
+ <fieldset>
+ <h3>Admins</h3>
+ <p class="help">Database admins can update design documents and edit the readers list.</p>
+ <table summary=""><tbody><tr>
+ <th><label>Names:</label></th>
+ <td><input type="text" name="admin_names" size="40"></td>
+ </tr><tr>
+ <th><label>Roles:</label></th>
+ <td><input type="text" name="admin_roles" size="40"></td>
+ </tr>
+ </tbody></table>
+ </fieldset>
+ <fieldset>
+ <h3>Readers</h3>
+ <p class="help">Database readers can access the database. If no readers are defined, the database is public. When readers are defined, only they may read or write to the database.</p>
+ <table summary=""><tbody><tr>
+ <th><label>Names:</label></th>
+ <td><input type="text" name="reader_names" size="40"></td>
+ </tr><tr>
+ <th><label>Roles:</label></th>
+ <td><input type="text" name="reader_roles" size="40"></td>
+ </tr>
+ </tbody></table>
+
+ </fieldset>
+ <div class="buttons">
+ <button type="submit">Update</button>
+ <button type="button" class="cancel">Cancel</button>
+ </div>
+</form>
diff --git a/share/www/script/couch_tests.js b/share/www/script/couch_tests.js
index 6f1acf83..04253c58 100644
--- a/share/www/script/couch_tests.js
+++ b/share/www/script/couch_tests.js
@@ -63,6 +63,7 @@ loadScript("script/oauth.js");
loadScript("script/sha1.js");
loadTest("oauth.js");
loadTest("purge.js");
+loadTest("reader_acl.js");
loadTest("recreate_doc.js");
loadTest("reduce.js");
loadTest("reduce_builtin.js");
diff --git a/share/www/script/futon.browse.js b/share/www/script/futon.browse.js
index 31e979bb..ade16b20 100644
--- a/share/www/script/futon.browse.js
+++ b/share/www/script/futon.browse.js
@@ -178,6 +178,32 @@
}
});
}
+
+ this.databaseSecurity = function() {
+ $.showDialog("dialog/_database_security.html", {
+ load : function(d) {
+ ["admin", "reader"].forEach(function(key) {
+ db.getDbProperty("_"+key+"s", {
+ success : function(r) {
+ $("input[name="+key+"_names]",d).val(JSON.stringify(r.names||[]));
+ $("input[name="+key+"_roles]",d).val(JSON.stringify(r.roles||[]));
+ }
+ });
+ });
+ },
+ // maybe this should be 2 forms
+ submit: function(data, callback) {
+ ["admin", "reader"].forEach(function(key) {
+ var new_value = {
+ names : JSON.parse(data[key+"_names"]),
+ roles : JSON.parse(data[key+"_roles"])
+ };
+ db.setDbProperty("_"+key+"s", new_value);
+ });
+ callback();
+ }
+ });
+ }
this.populateViewEditor = function() {
if (viewName.match(/^_design\//)) {
diff --git a/share/www/script/jquery.couch.js b/share/www/script/jquery.couch.js
index 0dcadc99..7eeaefc7 100644
--- a/share/www/script/jquery.couch.js
+++ b/share/www/script/jquery.couch.js
@@ -371,6 +371,25 @@
},
options, "An error occurred accessing the view"
);
+ },
+ getDbProperty: function(propName, options, ajaxOptions) {
+ ajax({url: this.uri + propName + encodeOptions(options)},
+ options,
+ "The property could not be retrieved",
+ ajaxOptions
+ );
+ },
+
+ setDbProperty: function(propName, propValue, options, ajaxOptions) {
+ ajax({
+ type: "PUT",
+ url: this.uri + propName + encodeOptions(options),
+ data : JSON.stringify(propValue)
+ },
+ options,
+ "The property could not be updated",
+ ajaxOptions
+ );
}
};
},
diff --git a/share/www/script/test/reader_acl.js b/share/www/script/test/reader_acl.js
new file mode 100644
index 00000000..58f3d001
--- /dev/null
+++ b/share/www/script/test/reader_acl.js
@@ -0,0 +1,95 @@
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy
+// of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+couchTests.reader_acl = function(debug) {
+ // this tests read access control
+
+ var usersDb = new CouchDB("test_suite_users", {"X-Couch-Full-Commit":"false"});
+ var secretDb = new CouchDB("test_suite_db", {"X-Couch-Full-Commit":"false"});
+ function testFun() {
+ try {
+ usersDb.deleteDb();
+ usersDb.createDb();
+ secretDb.deleteDb();
+ secretDb.createDb();
+
+ // create a user with top-secret-clearance
+ var jchrisUserDoc = CouchDB.prepareUserDoc({
+ name: "jchris@apache.org",
+ roles : ["top-secret"]
+ }, "funnybone");
+ T(usersDb.save(jchrisUserDoc).ok);
+
+ T(CouchDB.session().userCtx.name == null);
+
+ // set secret db to be read controlled
+ T(secretDb.save({_id:"baz",foo:"bar"}).ok);
+ T(secretDb.open("baz").foo == "bar");
+
+ T(secretDb.setDbProperty("_readers", {
+ roles : ["super-secret-club"],
+ names : ["joe","barb"]}).ok);
+ // can't read it as jchris
+ T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+ T(CouchDB.session().userCtx.name == "jchris@apache.org");
+
+ try {
+ secretDb.open("baz");
+ T(false && "can't open a doc from a secret db") ;
+ } catch(e) {
+ T(true)
+ }
+
+ CouchDB.logout();
+
+ // admin now adds the top-secret role to the db's readers
+ T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1);
+
+ T(secretDb.setDbProperty("_readers", {
+ roles : ["super-secret-club", "top-secret"],
+ names : ["joe","barb"]}).ok);
+
+ // now top-secret users can read it
+ T(secretDb.open("baz").foo == "bar");
+ T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+ T(secretDb.open("baz").foo == "bar");
+
+ CouchDB.logout();
+
+ // can't set non string reader names or roles
+ try {
+ T(!secretDb.setDbProperty("_readers", {
+ roles : ["super-secret-club", {"top-secret":"awesome"}],
+ names : ["joe","barb"]}).ok);
+ T(false && "only string roles");
+ } catch (e) {}
+
+ try {
+ T(!secretDb.setDbProperty("_readers", {
+ roles : ["super-secret-club", "top-secret"],
+ names : ["joe",22]}).ok);
+ T(false && "only string names");
+ } catch (e) {}
+ } finally {
+ CouchDB.logout();
+ }
+ }
+
+ run_on_modified_server(
+ [{section: "httpd",
+ key: "authentication_handlers",
+ value: "{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}"},
+ {section: "couch_httpd_auth",
+ key: "authentication_db", value: "test_suite_users"}],
+ testFun
+ );
+}
diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js
index 43968426..9ecb9ba0 100644
--- a/share/www/script/test/security_validation.js
+++ b/share/www/script/test/security_validation.js
@@ -69,7 +69,13 @@ couchTests.security_validation = function(debug) {
var designDoc = {
_id:"_design/test",
language: "javascript",
- validate_doc_update: "(" + (function (newDoc, oldDoc, userCtx) {
+ validate_doc_update: "(" + (function (newDoc, oldDoc, userCtx, secObj) {
+ if (secObj.admin_override) {
+ if (userCtx.roles.indexOf('_admin') != -1) {
+ // user is admin, they can do anything
+ return true;
+ }
+ }
// docs should have an author field.
if (!newDoc._deleted && !newDoc.author) {
throw {forbidden:
@@ -99,11 +105,11 @@ couchTests.security_validation = function(debug) {
}
// set user as the admin
- T(db.setDbProperty("_admins", ["Damien Katz"]).ok);
+ T(db.setDbProperty("_admins", {names : ["Damien Katz"]}).ok);
T(userDb.save(designDoc).ok);
- // test the _whoami endpoint
+ // test the _session API
var resp = userDb.request("GET", "/_session");
var user = JSON.parse(resp.responseText).userCtx;
T(user.name == "Damien Katz");
@@ -158,6 +164,31 @@ couchTests.security_validation = function(debug) {
T(e.error == "unauthorized");
T(userDb.last_req.status == 401);
}
+
+ // admin must save with author field unless admin override
+ var resp = db.request("GET", "/_session");
+ var user = JSON.parse(resp.responseText).userCtx;
+ T(user.name == null);
+ // test that we are admin
+ TEquals(user.roles, ["_admin"]);
+
+ // can't save the doc even though we are admin
+ var doc = db.open("testdoc");
+ doc.foo=3;
+ try {
+ db.save(doc);
+ T(false && "Can't get here. Should have thrown an error 3");
+ } catch (e) {
+ T(e.error == "unauthorized");
+ T(db.last_req.status == 401);
+ }
+
+ // now turn on admin override
+ T(db.setDbProperty("_security", {admin_override : true}).ok);
+ T(db.save(doc).ok);
+
+ // go back to normal
+ T(db.setDbProperty("_security", {admin_override : false}).ok);
// Now delete document
T(user2Db.deleteDoc(doc).ok);
@@ -188,7 +219,6 @@ couchTests.security_validation = function(debug) {
T(db.open("booboo") == null);
T(db.open("foofoo") == null);
-
// Now test replication
var AuthHeaders = {"WWW-Authenticate": "X-Couch-Test-Auth Christopher Lenz:dog food"};
var host = CouchDB.host;
diff --git a/share/www/style/layout.css b/share/www/style/layout.css
index d3a43db3..30c21824 100644
--- a/share/www/style/layout.css
+++ b/share/www/style/layout.css
@@ -236,6 +236,7 @@ body.fullwidth #wrap { margin-right: 0; }
#toolbar button:hover { background-position: 2px -30px; color: #000; }
#toolbar button:active { background-position: 2px -62px; color: #000; }
#toolbar button.add { background-image: url(../image/add.png); }
+#toolbar button.security { background-image: url(../image/compact.png); }
#toolbar button.compact { background-image: url(../image/compact.png); }
#toolbar button.delete { background-image: url(../image/delete.png); }
#toolbar button.load { background-image: url(../image/load.png); }
diff --git a/src/couchdb/couch_db.erl b/src/couchdb/couch_db.erl
index 47b7c084..e3891821 100644
--- a/src/couchdb/couch_db.erl
+++ b/src/couchdb/couch_db.erl
@@ -22,7 +22,8 @@
-export([enum_docs/4,enum_docs_since/5]).
-export([enum_docs_since_reduce_to_count/1,enum_docs_reduce_to_count/1]).
-export([increment_update_seq/1,get_purge_seq/1,purge_docs/2,get_last_purged/1]).
--export([start_link/3,open_doc_int/3,set_admins/2,get_admins/1,ensure_full_commit/1]).
+-export([start_link/3,open_doc_int/3,ensure_full_commit/1]).
+-export([set_readers/2,get_readers/1,set_admins/2,get_admins/1,set_security/2,get_security/1]).
-export([init/1,terminate/2,handle_call/3,handle_cast/2,code_change/3,handle_info/2]).
-export([changes_since/5,changes_since/6,read_doc/2,new_revid/1]).
@@ -64,7 +65,18 @@ create(DbName, Options) ->
couch_server:create(DbName, Options).
open(DbName, Options) ->
- couch_server:open(DbName, Options).
+ case couch_server:open(DbName, Options) of
+ {ok, Db} ->
+ try
+ check_is_reader(Db),
+ {ok, Db}
+ catch
+ throw:Error ->
+ close(Db),
+ throw(Error)
+ end;
+ Else -> Else
+ end.
ensure_full_commit(#db{update_pid=UpdatePid,instance_start_time=StartTime}) ->
ok = gen_server:call(UpdatePid, full_commit, infinity),
@@ -218,22 +230,103 @@ get_design_docs(#db{fulldocinfo_by_id_btree=Btree}=Db) ->
[], [{start_key, <<"_design/">>}, {end_key_gt, <<"_design0">>}]),
{ok, Docs}.
-check_is_admin(#db{admins=Admins, user_ctx=#user_ctx{name=Name,roles=Roles}}) ->
- DbAdmins = [<<"_admin">> | Admins],
- case DbAdmins -- [Name | Roles] of
- DbAdmins -> % same list, not an admin
- throw({unauthorized, <<"You are not a db or server admin.">>});
+check_is_admin(#db{user_ctx=#user_ctx{name=Name,roles=Roles}}=Db) ->
+ {Admins} = get_admins(Db),
+ AdminRoles = [<<"_admin">> | proplists:get_value(roles, Admins, [])],
+ AdminNames = proplists:get_value(names, Admins,[]),
+ case AdminRoles -- Roles of
+ AdminRoles -> % same list, not an admin role
+ case AdminNames -- [Name] of
+ AdminNames -> % same names, not an admin
+ throw({unauthorized, <<"You are not a db or server admin.">>});
+ _ ->
+ ok
+ end;
_ ->
ok
end.
-get_admins(#db{admins=Admins}) ->
- Admins.
+check_is_reader(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) ->
+ % admins are not readers. this is for good reason.
+ % we don't want to confuse setting admins with making private dbs
+ {Readers} = get_readers(Db),
+ ReaderRoles = proplists:get_value(roles, Readers,[]),
+ WithAdminRoles = [<<"_admin">> | ReaderRoles],
+ ReaderNames = proplists:get_value(names, Readers,[]),
+ case ReaderRoles ++ ReaderNames of
+ [] -> ok; % no readers == public access
+ _Else ->
+ case WithAdminRoles -- Roles of
+ WithAdminRoles -> % same list, not an reader role
+ case ReaderNames -- [Name] of
+ ReaderNames -> % same names, not a reader
+ ?LOG_DEBUG("Not a reader: UserCtx ~p vs Names ~p Roles ~p",[UserCtx, ReaderNames, WithAdminRoles]),
+ throw({unauthorized, <<"You are not authorized to access this db.">>});
+ _ ->
+ ok
+ end;
+ _ ->
+ ok
+ end
+ end.
+
+get_admins(#db{security=SecProps}) ->
+ proplists:get_value(admins, SecProps, {[]}).
+
+set_admins(#db{security=SecProps,update_pid=Pid}=Db, Admins) ->
+ check_is_admin(Db),
+ SecProps2 = update_sec_field(admins, SecProps, just_names_and_roles(Admins)),
+ gen_server:call(Pid, {set_security, SecProps2}, infinity).
+
+get_readers(#db{security=SecProps}) ->
+ proplists:get_value(readers, SecProps, {[]}).
+
+set_readers(#db{security=SecProps,update_pid=Pid}=Db, Readers) ->
+ check_is_admin(Db),
+ SecProps2 = update_sec_field(readers, SecProps, just_names_and_roles(Readers)),
+ gen_server:call(Pid, {set_security, SecProps2}, infinity).
+
+get_security(#db{security=SecProps}) ->
+ proplists:get_value(sec_obj, SecProps, {[]}).
-set_admins(#db{update_pid=Pid}=Db, Admins) when is_list(Admins) ->
+set_security(#db{security=SecProps, update_pid=Pid}=Db, {SecObjProps}) when is_list(SecObjProps) ->
check_is_admin(Db),
- gen_server:call(Pid, {set_admins, Admins}, infinity).
+ SecProps2 = update_sec_field(sec_obj, SecProps, {SecObjProps}),
+ gen_server:call(Pid, {set_security, SecProps2}, infinity).
+
+update_sec_field(Field, SecProps, Value) ->
+ Admins = proplists:get_value(admins, SecProps, {[]}),
+ Readers = proplists:get_value(readers, SecProps, {[]}),
+ SecObj = proplists:get_value(sec_obj, SecProps, {[]}),
+ if Field == admins ->
+ [{admins, Value}];
+ true -> [{admins, Admins}]
+ end ++ if Field == readers ->
+ [{readers, Value}];
+ true -> [{readers, Readers}]
+ end ++ if Field == sec_obj ->
+ [{sec_obj, Value}];
+ true -> [{sec_obj, SecObj}]
+ end.
+% validate user input and convert proplist to atom keys
+just_names_and_roles({Props}) when is_list(Props) ->
+ Names = case proplists:get_value(<<"names">>,Props) of
+ Ns when is_list(Ns) ->
+ [throw("names must be a JSON list of strings") ||N <- Ns, not is_binary(N)],
+ Ns;
+ _ -> []
+ end,
+ Roles = case proplists:get_value(<<"roles">>,Props) of
+ Rs when is_list(Rs) ->
+ [throw("roles must be a JSON list of strings") ||R <- Rs, not is_binary(R)],
+ Rs;
+ _ -> []
+ end,
+ {[
+ {names, Names},
+ {roles, Roles}
+ ]}.
get_revs_limit(#db{revs_limit=Limit}) ->
Limit.
@@ -282,18 +375,8 @@ group_alike_docs([Doc|Rest], [Bucket|RestBuckets]) ->
group_alike_docs(Rest, [[Doc]|[Bucket|RestBuckets]])
end.
-
-validate_doc_update(#db{user_ctx=UserCtx, admins=Admins},
- #doc{id= <<"_design/",_/binary>>}, _GetDiskDocFun) ->
- UserNames = [UserCtx#user_ctx.name | UserCtx#user_ctx.roles],
- % if the user is a server admin or db admin, allow the save
- case length(UserNames -- [<<"_admin">> | Admins]) =:= length(UserNames) of
- true ->
- % not an admin
- {unauthorized, <<"You are not a server or database admin.">>};
- false ->
- ok
- end;
+validate_doc_update(#db{}=Db, #doc{id= <<"_design/",_/binary>>}, _GetDiskDocFun) ->
+ catch check_is_admin(Db);
validate_doc_update(#db{validate_doc_funs=[]}, _Doc, _GetDiskDocFun) ->
ok;
validate_doc_update(_Db, #doc{id= <<"_local/",_/binary>>}, _GetDiskDocFun) ->
@@ -301,7 +384,8 @@ validate_doc_update(_Db, #doc{id= <<"_local/",_/binary>>}, _GetDiskDocFun) ->
validate_doc_update(Db, Doc, GetDiskDocFun) ->
DiskDoc = GetDiskDocFun(),
JsonCtx = couch_util:json_user_ctx(Db),
- try [case Fun(Doc, DiskDoc, JsonCtx) of
+ SecObj = get_security(Db),
+ try [case Fun(Doc, DiskDoc, JsonCtx, SecObj) of
ok -> ok;
Error -> throw(Error)
end || Fun <- Db#db.validate_doc_funs],
diff --git a/src/couchdb/couch_db.hrl b/src/couchdb/couch_db.hrl
index 31b66edb..47e8f9eb 100644
--- a/src/couchdb/couch_db.hrl
+++ b/src/couchdb/couch_db.hrl
@@ -126,7 +126,7 @@
% if the disk revision is incremented, then new upgrade logic will need to be
% added to couch_db_updater:init_db.
--define(LATEST_DISK_VERSION, 4).
+-define(LATEST_DISK_VERSION, 5).
-record(db_header,
{disk_version = ?LATEST_DISK_VERSION,
@@ -137,7 +137,7 @@
local_docs_btree_state = nil,
purge_seq = 0,
purged_docs = nil,
- admins_ptr = nil,
+ security_ptr = nil,
revs_limit = 1000
}).
@@ -157,8 +157,8 @@
name,
filepath,
validate_doc_funs = [],
- admins = [],
- admins_ptr = nil,
+ security = [],
+ security_ptr = nil,
user_ctx = #user_ctx{},
waiting_delayed_commit = nil,
revs_limit = 1000,
diff --git a/src/couchdb/couch_db_updater.erl b/src/couchdb/couch_db_updater.erl
index 723fc11c..d0f8ec61 100644
--- a/src/couchdb/couch_db_updater.erl
+++ b/src/couchdb/couch_db_updater.erl
@@ -53,9 +53,9 @@ handle_call(increment_update_seq, _From, Db) ->
couch_db_update_notifier:notify({updated, Db#db.name}),
{reply, {ok, Db2#db.update_seq}, Db2};
-handle_call({set_admins, NewAdmins}, _From, Db) ->
- {ok, Ptr} = couch_file:append_term(Db#db.fd, NewAdmins),
- Db2 = commit_data(Db#db{admins=NewAdmins, admins_ptr=Ptr,
+handle_call({set_security, NewSec}, _From, Db) ->
+ {ok, Ptr} = couch_file:append_term(Db#db.fd, NewSec),
+ Db2 = commit_data(Db#db{security=NewSec, security_ptr=Ptr,
update_seq=Db#db.update_seq+1}),
ok = gen_server:call(Db2#db.main_pid, {db_updated, Db2}),
{reply, ok, Db2};
@@ -326,7 +326,7 @@ btree_by_seq_reduce(rereduce, Reds) ->
simple_upgrade_record(Old, New) when tuple_size(Old) =:= tuple_size(New) ->
Old;
-simple_upgrade_record(Old, New) ->
+simple_upgrade_record(Old, New) when tuple_size(Old) < tuple_size(New) ->
OldSz = tuple_size(Old),
NewValuesTail =
lists:sublist(tuple_to_list(New), OldSz + 1, tuple_size(New) - OldSz),
@@ -337,9 +337,10 @@ init_db(DbName, Filepath, Fd, Header0) ->
Header1 = simple_upgrade_record(Header0, #db_header{}),
Header =
case element(2, Header1) of
- 1 -> Header1#db_header{unused = 0}; % 0.9
- 2 -> Header1#db_header{unused = 0}; % post 0.9 and pre 0.10
- 3 -> Header1; % post 0.9 and pre 0.10
+ 1 -> Header1#db_header{unused = 0, security_ptr = nil}; % 0.9
+ 2 -> Header1#db_header{unused = 0, security_ptr = nil}; % post 0.9 and pre 0.10
+ 3 -> Header1#db_header{security_ptr = nil}; % post 0.9 and pre 0.10
+ 4 -> Header1#db_header{security_ptr = nil}; % 0.10 and pre 0.11
?LATEST_DISK_VERSION -> Header1;
_ -> throw({database_disk_version_error, "Incorrect disk header version"})
end,
@@ -362,12 +363,12 @@ init_db(DbName, Filepath, Fd, Header0) ->
{join, fun(X,Y) -> btree_by_seq_join(X,Y) end},
{reduce, fun(X,Y) -> btree_by_seq_reduce(X,Y) end}]),
{ok, LocalDocsBtree} = couch_btree:open(Header#db_header.local_docs_btree_state, Fd),
- case Header#db_header.admins_ptr of
+ case Header#db_header.security_ptr of
nil ->
- Admins = [],
- AdminsPtr = nil;
- AdminsPtr ->
- {ok, Admins} = couch_file:pread_term(Fd, AdminsPtr)
+ Security = [],
+ SecurityPtr = nil;
+ SecurityPtr ->
+ {ok, Security} = couch_file:pread_term(Fd, SecurityPtr)
end,
% convert start time tuple to microsecs and store as a binary string
{MegaSecs, Secs, MicroSecs} = now(),
@@ -386,8 +387,8 @@ init_db(DbName, Filepath, Fd, Header0) ->
update_seq = Header#db_header.update_seq,
name = DbName,
filepath = Filepath,
- admins = Admins,
- admins_ptr = AdminsPtr,
+ security = Security,
+ security_ptr = SecurityPtr,
instance_start_time = StartTime,
revs_limit = Header#db_header.revs_limit,
fsync_options = FsyncOptions
@@ -655,7 +656,7 @@ db_to_header(Db, Header) ->
docinfo_by_seq_btree_state = couch_btree:get_state(Db#db.docinfo_by_seq_btree),
fulldocinfo_by_id_btree_state = couch_btree:get_state(Db#db.fulldocinfo_by_id_btree),
local_docs_btree_state = couch_btree:get_state(Db#db.local_docs_btree),
- admins_ptr = Db#db.admins_ptr,
+ security_ptr = Db#db.security_ptr,
revs_limit = Db#db.revs_limit}.
commit_data(#db{fd=Fd,header=OldHeader,fsync_options=FsyncOptions}=Db, Delay) ->
@@ -810,9 +811,9 @@ copy_compact(Db, NewDb0, Retry) ->
NewDb3 = copy_docs(Db, NewDb2, lists:reverse(Uncopied), Retry),
% copy misc header values
- if NewDb3#db.admins /= Db#db.admins ->
- {ok, Ptr} = couch_file:append_term(NewDb3#db.fd, Db#db.admins),
- NewDb4 = NewDb3#db{admins=Db#db.admins, admins_ptr=Ptr};
+ if NewDb3#db.security /= Db#db.security ->
+ {ok, Ptr} = couch_file:append_term(NewDb3#db.fd, Db#db.security),
+ NewDb4 = NewDb3#db{security=Db#db.security, security_ptr=Ptr};
true ->
NewDb4 = NewDb3
end,
diff --git a/src/couchdb/couch_doc.erl b/src/couchdb/couch_doc.erl
index 48ed1530..bbcbd0ba 100644
--- a/src/couchdb/couch_doc.erl
+++ b/src/couchdb/couch_doc.erl
@@ -307,8 +307,8 @@ get_validate_doc_fun(#doc{body={Props}}=DDoc) ->
undefined ->
nil;
_Else ->
- fun(EditDoc, DiskDoc, Ctx) ->
- couch_query_servers:validate_doc_update(DDoc, EditDoc, DiskDoc, Ctx)
+ fun(EditDoc, DiskDoc, Ctx, SecObj) ->
+ couch_query_servers:validate_doc_update(DDoc, EditDoc, DiskDoc, Ctx, SecObj)
end
end.
diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl
index fd143fa1..5421c214 100644
--- a/src/couchdb/couch_httpd_db.erl
+++ b/src/couchdb/couch_httpd_db.erl
@@ -548,8 +548,7 @@ db_req(#httpd{path_parts=[_,<<"_revs_diff">>]}=Req, _Db) ->
send_method_not_allowed(Req, "POST");
-db_req(#httpd{method='PUT',path_parts=[_,<<"_admins">>]}=Req,
- Db) ->
+db_req(#httpd{method='PUT',path_parts=[_,<<"_admins">>]}=Req, Db) ->
Admins = couch_httpd:json_body(Req),
ok = couch_db:set_admins(Db, Admins),
send_json(Req, {[{<<"ok">>, true}]});
@@ -560,6 +559,28 @@ db_req(#httpd{method='GET',path_parts=[_,<<"_admins">>]}=Req, Db) ->
db_req(#httpd{path_parts=[_,<<"_admins">>]}=Req, _Db) ->
send_method_not_allowed(Req, "PUT,GET");
+db_req(#httpd{method='PUT',path_parts=[_,<<"_readers">>]}=Req, Db) ->
+ Readers = couch_httpd:json_body(Req),
+ ok = couch_db:set_readers(Db, Readers),
+ send_json(Req, {[{<<"ok">>, true}]});
+
+db_req(#httpd{method='GET',path_parts=[_,<<"_readers">>]}=Req, Db) ->
+ send_json(Req, couch_db:get_readers(Db));
+
+db_req(#httpd{path_parts=[_,<<"_readers">>]}=Req, _Db) ->
+ send_method_not_allowed(Req, "PUT,GET");
+
+db_req(#httpd{method='PUT',path_parts=[_,<<"_security">>]}=Req, Db) ->
+ SecObj = couch_httpd:json_body(Req),
+ ok = couch_db:set_security(Db, SecObj),
+ send_json(Req, {[{<<"ok">>, true}]});
+
+db_req(#httpd{method='GET',path_parts=[_,<<"_security">>]}=Req, Db) ->
+ send_json(Req, couch_db:get_security(Db));
+
+db_req(#httpd{path_parts=[_,<<"_security">>]}=Req, _Db) ->
+ send_method_not_allowed(Req, "PUT,GET");
+
db_req(#httpd{method='PUT',path_parts=[_,<<"_revs_limit">>]}=Req,
Db) ->
Limit = couch_httpd:json_body(Req),
diff --git a/src/couchdb/couch_query_servers.erl b/src/couchdb/couch_query_servers.erl
index 30f4c4c7..dd5fee94 100644
--- a/src/couchdb/couch_query_servers.erl
+++ b/src/couchdb/couch_query_servers.erl
@@ -17,7 +17,7 @@
-export([init/1, terminate/2, handle_call/3, handle_cast/2, handle_info/2,code_change/3,stop/0]).
-export([start_doc_map/2, map_docs/2, stop_doc_map/1]).
--export([reduce/3, rereduce/3,validate_doc_update/4]).
+-export([reduce/3, rereduce/3,validate_doc_update/5]).
-export([filter_docs/5]).
-export([with_ddoc_proc/2, proc_prompt/2, ddoc_prompt/3, ddoc_proc_prompt/3, json_doc/1]).
@@ -166,10 +166,10 @@ builtin_sum_rows(KVs) ->
% use the function stored in ddoc.validate_doc_update to test an update.
-validate_doc_update(DDoc, EditDoc, DiskDoc, Ctx) ->
+validate_doc_update(DDoc, EditDoc, DiskDoc, Ctx, SecObj) ->
JsonEditDoc = couch_doc:to_json_obj(EditDoc, [revs]),
JsonDiskDoc = json_doc(DiskDoc),
- case ddoc_prompt(DDoc, [<<"validate_doc_update">>], [JsonEditDoc, JsonDiskDoc, Ctx]) of
+ case ddoc_prompt(DDoc, [<<"validate_doc_update">>], [JsonEditDoc, JsonDiskDoc, Ctx, SecObj]) of
1 ->
ok;
{[{<<"forbidden">>, Message}]} ->