diff options
author | Victor Shyba <victor.shyba@gmail.com> | 2015-09-18 17:30:19 -0300 |
---|---|---|
committer | Victor Shyba <victor.shyba@gmail.com> | 2015-09-28 16:52:53 -0300 |
commit | a660f60b9644836b0dbdf54cd04b15f4d4654d0f (patch) | |
tree | 655a06605f5d9f4bce9e7a01883dccab87068a86 | |
parent | b065492f35006c3d108965b2b50144e080fbe678 (diff) |
[feat] ensure security document
Beyond ensuring ddocs, it is also necessary to ensure _security doc
presence while creating a database.
This document will tell couchdb to grant access to 'soledad' user as a
member role and no one as admin.
-rw-r--r-- | common/src/leap/soledad/common/couch.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/common/src/leap/soledad/common/couch.py b/common/src/leap/soledad/common/couch.py index 36f6239e..d9ed5026 100644 --- a/common/src/leap/soledad/common/couch.py +++ b/common/src/leap/soledad/common/couch.py @@ -435,6 +435,7 @@ class CouchDatabase(CommonBackend): self._set_replica_uid(replica_uid) if ensure_ddocs: self.ensure_ddocs_on_db() + self.ensure_security() self._cache = None @property @@ -467,6 +468,16 @@ class CouchDatabase(CommonBackend): getattr(ddocs, ddoc_name))) self._database.save(ddoc) + def ensure_security(self): + """ + Make sure that only soledad user is able to access this database as + a member. + """ + security = self._database.security + security['members'] = {'names': ['soledad'], 'roles': []} + security['admins'] = {'names': [], 'roles': []} + self._database.security = security + def get_sync_target(self): """ Return a SyncTarget object, for another u1db to synchronize with. |