authorVictor Shyba <victor.shyba@gmail.com>2015-09-18 17:30:19 -0300
committerVictor Shyba <victor.shyba@gmail.com>2015-09-28 16:52:53 -0300
commita660f60b9644836b0dbdf54cd04b15f4d4654d0f (patch)
tree655a06605f5d9f4bce9e7a01883dccab87068a86
parentb065492f35006c3d108965b2b50144e080fbe678 (diff)
[feat] ensure security document
Besides ensuring the ddocs, it is also necessary to ensure that the _security doc is present when creating a database. This document tells couchdb to grant access to the 'soledad' user in the member role and to no one as admin.
-rw-r--r--common/src/leap/soledad/common/couch.py11
1 files changed, 11 insertions, 0 deletions
diff --git a/common/src/leap/soledad/common/couch.py b/common/src/leap/soledad/common/couch.py
index 36f6239e..d9ed5026 100644
--- a/common/src/leap/soledad/common/couch.py
+++ b/common/src/leap/soledad/common/couch.py
@@ -435,6 +435,7 @@ class CouchDatabase(CommonBackend):
self._set_replica_uid(replica_uid)
if ensure_ddocs:
self.ensure_ddocs_on_db()
+ self.ensure_security()
self._cache = None
@property
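Review bot: The new `self.ensure_security()` call runs after `self._set_replica_uid(replica_uid)` and `self.ensure_ddocs_on_db()`, so the database is already being written to before its `_security` document is set. CouchDB treats a database with no members defined as open to any user, so the restriction should be applied before the first write, for example by moving the call to just above `self._set_replica_uid(replica_uid)`. Indentation is lost in this rendering, so it is not clear whether the call sits under `if ensure_ddocs:`; if it does, databases opened with `ensure_ddocs=False` would never get the restriction. The enclosing method starts outside the hunk.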
@@ -467,6 +468,16 @@ class CouchDatabase(CommonBackend):
getattr(ddocs, ddoc_name)))
self._database.save(ddoc)
+ def ensure_security(self):
+ """
+ Make sure that only soledad user is able to access this database as
+ a member.
+ """
+ security = self._database.security
+ security['members'] = {'names': ['soledad'], 'roles': []}
+ security['admins'] = {'names': [], 'roles': []}
+ self._database.security = security
+
def get_sync_target(self):
"""
Return a SyncTarget object, for another u1db to synchronize with.
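Review bot: `ensure_security` overwrites `members` and `admins` unconditionally and writes `_security` back on every call, even when the document already holds the intended values. Since the first hunk calls it from what looks like the constructor path, every open presumably costs an extra write and needs rights to change `_security`. Any names or roles someone added by hand are also dropped silently. Comparing against the expected values and writing only on a mismatch avoids both, assuming `self._database.security` returns a plain dict. The docstring could also state that the user name `'soledad'` is hard-coded and that empty `admins` leaves administration to server admins only.

```python
def ensure_security(self):
    # … unchanged: docstring …
    expected = {
        'members': {'names': ['soledad'], 'roles': []},
        'admins': {'names': [], 'roles': []},
    }
    security = self._database.security
    if all(security.get(key) == value for key, value in expected.items()):
        return  # already restricted; skip the write
    security.update(expected)
    self._database.security = security
```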