From 6bebee4e85ba211212a9ed3b270077f050214911 Mon Sep 17 00:00:00 2001
From: John Christopher Anderson <jchris@apache.org>
Date: Wed, 3 Feb 2010 17:29:41 +0000
Subject: enhance reader and admin lists

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@906138 13f79535-47bb-0310-9956-ffa450edef68
---
 src/couchdb/couch_db.erl | 46 ++++++++++++++++++++++++----------------------
 1 file changed, 24 insertions(+), 22 deletions(-)

(limited to 'src/couchdb')

diff --git a/src/couchdb/couch_db.erl b/src/couchdb/couch_db.erl
index e3891821..aee3bf95 100644
--- a/src/couchdb/couch_db.erl
+++ b/src/couchdb/couch_db.erl
@@ -247,26 +247,28 @@ check_is_admin(#db{user_ctx=#user_ctx{name=Name,roles=Roles}}=Db) ->
     end.
 
 check_is_reader(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) ->
-    % admins are not readers. this is for good reason. 
-    % we don't want to confuse setting admins with making private dbs
-    {Readers} = get_readers(Db),
-    ReaderRoles = proplists:get_value(roles, Readers,[]),
-    WithAdminRoles = [<<"_admin">> | ReaderRoles],
-    ReaderNames = proplists:get_value(names, Readers,[]),
-    case ReaderRoles ++ ReaderNames of 
-    [] -> ok; % no readers == public access
-    _Else ->
-        case WithAdminRoles -- Roles of
-        WithAdminRoles -> % same list, not an reader role
-            case ReaderNames -- [Name] of
-            ReaderNames -> % same names, not a reader
-                ?LOG_DEBUG("Not a reader: UserCtx ~p vs Names ~p Roles ~p",[UserCtx, ReaderNames, WithAdminRoles]),
-                throw({unauthorized, <<"You are not authorized to access this db.">>});
+    case (catch check_is_admin(Db)) of
+    ok -> ok;
+    _ ->
+        {Readers} = get_readers(Db),
+        ReaderRoles = proplists:get_value(roles, Readers,[]),
+        WithAdminRoles = [<<"_admin">> | ReaderRoles],
+        ReaderNames = proplists:get_value(names, Readers,[]),
+        case ReaderRoles ++ ReaderNames of 
+        [] -> ok; % no readers == public access
+        _Else ->
+            case WithAdminRoles -- Roles of
+            WithAdminRoles -> % same list, not an reader role
+                case ReaderNames -- [Name] of
+                ReaderNames -> % same names, not a reader
+                    ?LOG_DEBUG("Not a reader: UserCtx ~p vs Names ~p Roles ~p",[UserCtx, ReaderNames, WithAdminRoles]),
+                    throw({unauthorized, <<"You are not authorized to access this db.">>});
+                _ ->
+                    ok
+                end;
             _ ->
                 ok
-            end;
-        _ ->
-            ok
+            end
         end
     end.
 
@@ -311,17 +313,17 @@ update_sec_field(Field, SecProps, Value) ->
 
 % validate user input and convert proplist to atom keys
 just_names_and_roles({Props}) when is_list(Props) ->
-    Names = case proplists:get_value(<<"names">>,Props) of
+    Names = case proplists:get_value(<<"names">>,Props,[]) of
     Ns when is_list(Ns) ->
             [throw("names must be a JSON list of strings") ||N <- Ns, not is_binary(N)],
             Ns;
-    _ -> []
+    _ -> throw("names must be a JSON list of strings")
     end,
-    Roles = case proplists:get_value(<<"roles">>,Props) of
+    Roles = case proplists:get_value(<<"roles">>,Props,[]) of
     Rs when is_list(Rs) ->
         [throw("roles must be a JSON list of strings") ||R <- Rs, not is_binary(R)],
         Rs;
-    _ -> []
+    _ -> throw("roles must be a JSON list of strings")
     end,
     {[
         {names, Names},
-- 
cgit v1.2.3