[feat] ensure security document

Beyond ensuring ddocs, it is also necessary to ensure _security doc presence while creating a database. This document will tell couchdb to grant access to 'soledad' user as a member role and no one as admin.
author: Victor Shyba <victor.shyba@gmail.com> 2015-09-18 17:30:19 -0300
committer: Victor Shyba <victor.shyba@gmail.com> 2015-09-28 16:52:53 -0300
commit: a660f60b9644836b0dbdf54cd04b15f4d4654d0f (patch)
tree: 655a06605f5d9f4bce9e7a01883dccab87068a86
parent: b065492f35006c3d108965b2b50144e080fbe678 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/common/src/leap/soledad/common/couch.py b/common/src/leap/soledad/common/couch.py
index 36f6239e..d9ed5026 100644
--- a/common/src/leap/soledad/common/couch.py
+++ b/common/src/leap/soledad/common/couch.py
@@ -435,6 +435,7 @@ class CouchDatabase(CommonBackend):
             self._set_replica_uid(replica_uid)
         if ensure_ddocs:
             self.ensure_ddocs_on_db()
+            self.ensure_security()
         self._cache = None
 
     @property
@@ -467,6 +468,16 @@ class CouchDatabase(CommonBackend):
                         getattr(ddocs, ddoc_name)))
                 self._database.save(ddoc)
 
+    def ensure_security(self):
+        """
+        Make sure that only soledad user is able to access this database as
+        a member.
+        """
+        security = self._database.security
+        security['members'] = {'names': ['soledad'], 'roles': []}
+        security['admins'] = {'names': [], 'roles': []}
+        self._database.security = security
+
     def get_sync_target(self):
         """
         Return a SyncTarget object, for another u1db to synchronize with.
author	Victor Shyba <victor.shyba@gmail.com>	2015-09-18 17:30:19 -0300
committer	Victor Shyba <victor.shyba@gmail.com>	2015-09-28 16:52:53 -0300
commit	a660f60b9644836b0dbdf54cd04b15f4d4654d0f (patch)
tree	655a06605f5d9f4bce9e7a01883dccab87068a86
parent	b065492f35006c3d108965b2b50144e080fbe678 (diff)