summaryrefslogtreecommitdiff
path: root/share/www
diff options
context:
space:
mode:
Diffstat (limited to 'share/www')
-rw-r--r--share/www/script/couch.js10
-rw-r--r--share/www/script/test/reader_acl.js77
-rw-r--r--share/www/script/test/security_validation.js4
3 files changed, 59 insertions, 32 deletions
diff --git a/share/www/script/couch.js b/share/www/script/couch.js
index 4438a870..c5495424 100644
--- a/share/www/script/couch.js
+++ b/share/www/script/couch.js
@@ -263,16 +263,16 @@ function CouchDB(name, httpHeaders) {
return JSON.parse(this.last_req.responseText);
}
- this.setAdmins = function(adminsArray) {
- this.last_req = this.request("PUT", this.uri + "_admins",{
- body:JSON.stringify(adminsArray)
+ this.setSecObj = function(secObj) {
+ this.last_req = this.request("PUT", this.uri + "_security",{
+ body:JSON.stringify(secObj)
});
CouchDB.maybeThrowError(this.last_req);
return JSON.parse(this.last_req.responseText);
}
- this.getAdmins = function() {
- this.last_req = this.request("GET", this.uri + "_admins");
+ this.getSecObj = function() {
+ this.last_req = this.request("GET", this.uri + "_security");
CouchDB.maybeThrowError(this.last_req);
return JSON.parse(this.last_req.responseText);
}
diff --git a/share/www/script/test/reader_acl.js b/share/www/script/test/reader_acl.js
index a5fc6a1a..6f834bfb 100644
--- a/share/www/script/test/reader_acl.js
+++ b/share/www/script/test/reader_acl.js
@@ -35,9 +35,12 @@ couchTests.reader_acl = function(debug) {
T(secretDb.save({_id:"baz",foo:"bar"}).ok);
T(secretDb.open("baz").foo == "bar");
- T(secretDb.setDbProperty("_readers", {
- roles : ["super-secret-club"],
- names : ["joe","barb"]}).ok);
+ T(secretDb.setSecObj({
+ "readers" : {
+ roles : ["super-secret-club"],
+ names : ["joe","barb"]
+ }
+ }).ok);
// can't read it as jchris
T(CouchDB.login("jchris@apache.org", "funnybone").ok);
T(CouchDB.session().userCtx.name == "jchris@apache.org");
@@ -51,54 +54,76 @@ couchTests.reader_acl = function(debug) {
CouchDB.logout();
- // make top-secret an admin
- T(secretDb.setDbProperty("_admins", {
- roles : ["top-secret"],
- names : []}).ok);
+ // make anyone with the top-secret role an admin
+ // db admins are automatically readers
+ T(secretDb.setSecObj({
+ "admins" : {
+ roles : ["top-secret"],
+ names : []
+ },
+ "readers" : {
+ roles : ["super-secret-club"],
+ names : ["joe","barb"]
+ }
+ }).ok);
T(CouchDB.login("jchris@apache.org", "funnybone").ok);
T(secretDb.open("baz").foo == "bar");
CouchDB.logout();
-
- T(secretDb.setDbProperty("_admins", {
- roles : [],
- names : []}).ok);
-
- // admin now adds the top-secret role to the db's readers
T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1);
- T(secretDb.setDbProperty("_readers", {
- roles : ["super-secret-club", "top-secret"],
- names : ["joe","barb"]}).ok);
+ // admin now adds the top-secret role to the db's readers
+ // and removes db-admins
+ T(secretDb.setSecObj({
+ "admins" : {
+ roles : [],
+ names : []
+ },
+ "readers" : {
+ roles : ["super-secret-club", "top-secret"],
+ names : ["joe","barb"]
+ }
+ }).ok);
- // now top-secret users can read it
+ // server _admin can always read
T(secretDb.open("baz").foo == "bar");
+
+ // now top-secret users can read too
T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+ T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1);
T(secretDb.open("baz").foo == "bar");
CouchDB.logout();
// can't set non string reader names or roles
try {
- secretDb.setDbProperty("_readers", {
- roles : ["super-secret-club", {"top-secret":"awesome"}],
- names : ["joe","barb"]});
+ secretDb.setSecObj({
+ "readers" : {
+ roles : ["super-secret-club", {"top-secret":"awesome"}],
+ names : ["joe","barb"]
+ }
+ })
T(false && "only string roles");
} catch (e) {}
try {
- secretDb.setDbProperty("_readers", {
- roles : ["super-secret-club", "top-secret"],
- names : ["joe",22]});
+ secretDb.setSecObj({
+ "readers" : {
+ roles : ["super-secret-club", {"top-secret":"awesome"}],
+ names : ["joe",22]
+ }
+ });
T(false && "only string names");
} catch (e) {}
try {
- secretDb.setDbProperty("_readers", {
- roles : ["super-secret-club", "top-secret"],
- names : "joe"
+ secretDb.setSecObj({
+ "readers" : {
+ roles : ["super-secret-club", {"top-secret":"awesome"}],
+ names : "joe"
+ }
});
T(false && "only lists of names");
} catch (e) {}
diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js
index d618a5ac..94fe62c4 100644
--- a/share/www/script/test/security_validation.js
+++ b/share/www/script/test/security_validation.js
@@ -105,7 +105,9 @@ couchTests.security_validation = function(debug) {
}
// set user as the admin
- T(db.setDbProperty("_admins", {names : ["Damien Katz"]}).ok);
+ T(db.setSecObj({
+ admins : {names : ["Damien Katz"]}
+ }).ok);
T(userDb.save(designDoc).ok);