From 2c260766864a56e10aa45c3b1782f640b21a0bac Mon Sep 17 00:00:00 2001 From: "Damien F. Katz" Date: Thu, 20 Nov 2008 04:42:43 +0000 Subject: Nearly completed security/validation work. Still needs replication testing. git-svn-id: https://svn.apache.org/repos/asf/incubator/couchdb/trunk@719160 13f79535-47bb-0310-9956-ffa450edef68 --- src/couchdb/couch_httpd_db.erl | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'src/couchdb/couch_httpd_db.erl') diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl index a239ceb5..0bf9d62e 100644 --- a/src/couchdb/couch_httpd_db.erl +++ b/src/couchdb/couch_httpd_db.erl @@ -42,7 +42,7 @@ handle_request(#httpd{path_parts=[DbName|RestParts],method=Method, end. create_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) -> - ok = couch_httpd:check_is_admin(Req), + ok = couch_httpd:verify_is_server_admin(Req), case couch_server:create(DbName, [{user_ctx, UserCtx}]) of {ok, Db} -> couch_db:close(Db), @@ -52,7 +52,7 @@ create_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) -> end. delete_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) -> - ok = couch_httpd:check_is_admin(Req), + ok = couch_httpd:verify_is_server_admin(Req), case couch_server:delete(DbName, [{user_ctx, UserCtx}]) of ok -> send_json(Req, 200, {[{ok, true}]}); @@ -230,6 +230,18 @@ db_req(#httpd{method='POST',path_parts=[_,<<"_missing_revs">>]}=Req, Db) -> db_req(#httpd{path_parts=[_,<<"_missing_revs">>]}=Req, _Db) -> send_method_not_allowed(Req, "POST"); +db_req(#httpd{method='PUT',path_parts=[_,<<"_admins">>]}=Req, + Db) -> + Admins = couch_httpd:json_body(Req), + ok = couch_db:set_admins(Db, Admins), + send_json(Req, {[{<<"ok">>, true}]}); + +db_req(#httpd{method='GET',path_parts=[_,<<"_admins">>]}=Req, Db) -> + send_json(Req, couch_db:get_admins(Db)); + +db_req(#httpd{path_parts=[_,<<"_admins">>]}=Req, _Db) -> + send_method_not_allowed(Req, "PUT,GET"); + db_req(#httpd{method='POST',path_parts=[DbName,<<"_design">>,Name|Rest]}=Req, Db) -> % Special case to enable using an unencoded in the URL of design docs, as -- cgit v1.2.3