diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/couchdb/couch_js_functions.hrl | 53 | ||||
| -rw-r--r-- | src/couchdb/couch_rep.erl | 2 |
2 files changed, 15 insertions, 40 deletions
diff --git a/src/couchdb/couch_js_functions.hrl b/src/couchdb/couch_js_functions.hrl index f850dd4c..e2121aa9 100644 --- a/src/couchdb/couch_js_functions.hrl +++ b/src/couchdb/couch_js_functions.hrl @@ -99,55 +99,32 @@ -define(REP_DB_DOC_VALIDATE_FUN, <<" function(newDoc, oldDoc, userCtx) { - var isAdmin = (userCtx.roles.indexOf('_admin') >= 0); - var isReplicator = (userCtx.roles.indexOf('_replicator') >= 0); - - if (oldDoc && !newDoc._deleted && !isReplicator) { - throw({forbidden: - 'Only the replicator can edit replication documents. ' + - 'Admins can only add and delete replication documents.' - }); - } else if (!isAdmin) { - throw({forbidden: - 'Only admins may add/delete replication documents.' - }); - } - - if (!oldDoc && newDoc.state) { - throw({forbidden: - 'The state field can only be set by the replicator.' - }); - } + if (newDoc.user_ctx) { - if (!oldDoc && newDoc.replication_id) { - throw({forbidden: - 'The replication_id field can only be set by the replicator.' - }); - } + function reportError(error_msg) { + log('Error writing document ' + newDoc._id + + ' to replicator DB: ' + error_msg); + throw({forbidden: error_msg}); + } - if (newDoc.user_ctx) { var user_ctx = newDoc.user_ctx; if (typeof user_ctx !== 'object') { - throw({forbidden: 'The user_ctx property must be an object.'}); + reportError('The user_ctx property must be an object.'); } if (!(user_ctx.name === null || (typeof user_ctx.name === 'undefined') || ((typeof user_ctx.name === 'string') && user_ctx.name.length > 0))) { - throw({forbidden: - 'The name property of the user_ctx must be a ' + - 'non-empty string.' - }); + reportError('The name property of the user_ctx must be a ' + + 'non-empty string.'); } if ((typeof user_ctx.roles !== 'undefined') && (typeof user_ctx.roles.length !== 'number')) { - throw({forbidden: - 'The roles property of the user_ctx must be ' + - 'an array of strings.' - }); + reportError('The roles property of the user_ctx must be ' + + 'an array of strings.'); } if (user_ctx.roles) { @@ -155,13 +132,11 @@ var role = user_ctx.roles[i]; if (typeof role !== 'string' || role.length === 0) { - throw({forbidden: 'Roles must be non-empty strings.'}); + reportError('Each role must be a non-empty string.'); } if (role[0] === '_') { - throw({forbidden: - 'System roles (starting with underscore) ' + - 'are not allowed.' - }); + reportError('System roles (starting with underscore) ' + + 'are not allowed.'); } } } diff --git a/src/couchdb/couch_rep.erl b/src/couchdb/couch_rep.erl index d35471c5..e288efa6 100644 --- a/src/couchdb/couch_rep.erl +++ b/src/couchdb/couch_rep.erl @@ -862,7 +862,7 @@ maybe_set_triggered({RepProps} = RepDoc, RepId) -> ensure_rep_db_exists() -> DbName = ?l2b(couch_config:get("replicator", "db", "_replicator")), Opts = [ - {user_ctx, #user_ctx{roles=[<<"_admin">>, <<"_replicator">>]}}, + {user_ctx, #user_ctx{roles=[<<"_admin">>]}}, sys_db ], case couch_db:open(DbName, Opts) of |