Diffstat (limited to 'share/www')
-rw-r--r-- | share/www/script/couch.js | 10 | ||||
-rw-r--r-- | share/www/script/test/reader_acl.js | 77 | ||||
-rw-r--r-- | share/www/script/test/security_validation.js | 4 |
3 files changed, 59 insertions, 32 deletions
diff --git a/share/www/script/couch.js b/share/www/script/couch.js
index 4438a870..c5495424 100644
--- a/share/www/script/couch.js
+++ b/share/www/script/couch.js
@@ -263,16 +263,16 @@ function CouchDB(name, httpHeaders) {
 return JSON.parse(this.last_req.responseText);
 }
- this.setAdmins = function(adminsArray) {
- this.last_req = this.request("PUT", this.uri + "_admins",{
- body:JSON.stringify(adminsArray)
+ this.setSecObj = function(secObj) {
+ this.last_req = this.request("PUT", this.uri + "_security",{
+ body:JSON.stringify(secObj)
 });
 CouchDB.maybeThrowError(this.last_req);
 return JSON.parse(this.last_req.responseText);
 }
- this.getAdmins = function() {
- this.last_req = this.request("GET", this.uri + "_admins");
+ this.getSecObj = function() {
+ this.last_req = this.request("GET", this.uri + "_security");
 CouchDB.maybeThrowError(this.last_req);
 return JSON.parse(this.last_req.responseText);
 }
diff --git a/share/www/script/test/reader_acl.js b/share/www/script/test/reader_acl.js
index a5fc6a1a..6f834bfb 100644
--- a/share/www/script/test/reader_acl.js
+++ b/share/www/script/test/reader_acl.js
@@ -35,9 +35,12 @@ couchTests.reader_acl = function(debug) {
 T(secretDb.save({_id:"baz",foo:"bar"}).ok);
 T(secretDb.open("baz").foo == "bar");
- T(secretDb.setDbProperty("_readers", {
- roles : ["super-secret-club"],
- names : ["joe","barb"]}).ok);
+ T(secretDb.setSecObj({
+ "readers" : {
+ roles : ["super-secret-club"],
+ names : ["joe","barb"]
+ }
+ }).ok);
 // can't read it as jchris
 T(CouchDB.login("jchris@apache.org", "funnybone").ok);
 T(CouchDB.session().userCtx.name == "jchris@apache.org");
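Review bot: `setSecObj` in the couch.js hunk has no comment saying what shape `secObj` must have or that the PUT writes the whole `_security` object. The reader_acl.js tests in this same commit restate `readers` every time they change `admins`, which suggests that a call passing only one section clears the other; that is inferred from the tests, not shown in this hunk. I would add above the function `// secObj: {admins: {names, roles}, readers: {names, roles}}; replaces the stored object, so pass every section you want to keep`. The enclosing `CouchDB` constructor starts and ends outside the hunk.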
@@ -51,54 +54,76 @@ couchTests.reader_acl = function(debug) {
 CouchDB.logout();
- // make top-secret an admin
- T(secretDb.setDbProperty("_admins", {
- roles : ["top-secret"],
- names : []}).ok);
+ // make anyone with the top-secret role an admin
+ // db admins are automatically readers
+ T(secretDb.setSecObj({
+ "admins" : {
+ roles : ["top-secret"],
+ names : []
+ },
+ "readers" : {
+ roles : ["super-secret-club"],
+ names : ["joe","barb"]
+ }
+ }).ok);
 T(CouchDB.login("jchris@apache.org", "funnybone").ok);
 T(secretDb.open("baz").foo == "bar");
 CouchDB.logout();
-
- T(secretDb.setDbProperty("_admins", {
- roles : [],
- names : []}).ok);
-
- // admin now adds the top-secret role to the db's readers
 T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1);
- T(secretDb.setDbProperty("_readers", {
- roles : ["super-secret-club", "top-secret"],
- names : ["joe","barb"]}).ok);
+ // admin now adds the top-secret role to the db's readers
+ // and removes db-admins
+ T(secretDb.setSecObj({
+ "admins" : {
+ roles : [],
+ names : []
+ },
+ "readers" : {
+ roles : ["super-secret-club", "top-secret"],
+ names : ["joe","barb"]
+ }
+ }).ok);
- // now top-secret users can read it
+ // server _admin can always read
 T(secretDb.open("baz").foo == "bar");
+
+ // now top-secret users can read too
 T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+ T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1);
 T(secretDb.open("baz").foo == "bar");
 CouchDB.logout();
 // can't set non string reader names or roles
 try {
- secretDb.setDbProperty("_readers", {
- roles : ["super-secret-club", {"top-secret":"awesome"}],
- names : ["joe","barb"]});
+ secretDb.setSecObj({
+ "readers" : {
+ roles : ["super-secret-club", {"top-secret":"awesome"}],
+ names : ["joe","barb"]
+ }
+ })
 T(false && "only string roles");
 } catch (e) {}
 try {
- secretDb.setDbProperty("_readers", {
- roles : ["super-secret-club", "top-secret"],
- names : ["joe",22]});
+ secretDb.setSecObj({
+ "readers" : {
+ roles : ["super-secret-club", {"top-secret":"awesome"}],
+ names : ["joe",22]
+ }
+ });
 T(false && "only string names");
 } catch (e) {}
 try {
- secretDb.setDbProperty("_readers", {
- roles : ["super-secret-club", "top-secret"],
- names : "joe"
+ secretDb.setSecObj({
+ "readers" : {
+ roles : ["super-secret-club", {"top-secret":"awesome"}],
+ names : "joe"
+ }
 });
 T(false && "only lists of names");
 } catch (e) {}
diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js
index d618a5ac..94fe62c4 100644
--- a/share/www/script/test/security_validation.js
+++ b/share/www/script/test/security_validation.js
@@ -105,7 +105,9 @@ couchTests.security_validation = function(debug) {
 }
 // set user as the admin
- T(db.setDbProperty("_admins", {names : ["Damien Katz"]}).ok);
+ T(db.setSecObj({
+ admins : {names : ["Damien Katz"]}
+ }).ok);
 T(userDb.save(designDoc).ok);
 |
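Review bot: The "only string names" and "only lists of names" cases at the end of the second reader_acl.js hunk now send `roles : ["super-secret-club", {"top-secret":"awesome"}]`, the same invalid roles array as the "only string roles" case, whereas the removed lines used valid roles there. Each of those requests is presumably rejected for the bad role whether or not names are validated, so a regression in the names check would go unnoticed by this ACL test. Use `roles : ["super-secret-club", "top-secret"],` in those two calls so that the only invalid field is `names`. The empty `catch (e) {}` blocks also accept any exception; asserting on the error the server returns would make each case prove the rejection it is named for. `couchTests.reader_acl` starts and ends outside the hunk.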