From 55aa33cb2cb6634c49812ce7c51171c8c45fbe2a Mon Sep 17 00:00:00 2001
From: Filipe David Borba Manana
Date: Thu, 21 Apr 2011 10:48:50 +0000
Subject: Merged revision 1095649 from trunk By default, allow only admins to trigger delegated replications
git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/1.1.x@1095650 13f79535-47bb-0310-9956-ffa450edef68
---
 src/couchdb/couch_js_functions.hrl | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src')
diff --git a/src/couchdb/couch_js_functions.hrl b/src/couchdb/couch_js_functions.hrl
index 6c2ad8df..0cc49d62 100644
--- a/src/couchdb/couch_js_functions.hrl
+++ b/src/couchdb/couch_js_functions.hrl
@@ -138,6 +138,8 @@
 }
 var isReplicator = (userCtx.roles.indexOf('_replicator') >= 0);
+ var isAdmin = (userCtx.roles.indexOf('_admin') >= 0);
+
 if (oldDoc && !newDoc._deleted && !isReplicator) {
 reportError('Only the replicator can edit replication documents.');
 }
@@ -178,6 +180,12 @@
 }
 if (newDoc.user_ctx) {
+ if (!isAdmin) {
+ reportError('Delegated replications (use of the ' +
+ '`user_ctx\\' property) can only be triggered by ' +
+ 'administrators.');
+ }
+
 var user_ctx = newDoc.user_ctx;
 if ((typeof user_ctx !== 'object') || (user_ctx === null)) {
-- cgit v1.2.3
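Review bot: The `!isAdmin` guard added under `if (newDoc.user_ctx)` applies to every write of a document carrying `user_ctx`, not just its creation, so it also gates the replicator's later updates, which the first hunk's context restricts to writers holding `_replicator`. Those updates keep working only if the replicator's `userCtx.roles` contains `_admin` as well, which is not visible in this patch. A comment above `var isAdmin` such as `// the replicator's own userCtx is expected to carry _admin too, otherwise its updates to delegated docs are rejected below` would record that dependency; if it does not hold, the guard would need to be `if (!isAdmin && !isReplicator) {`. The check is also a no-op on a server with no administrators configured, where every request is given the `_admin` role, so the restriction only takes effect once an admin account exists. The enclosing validation function begins and ends outside both hunks.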