Forbid access to _local_docs for non-system dbs
COUCHDB-1145
diff --git a/src/couch_mrview_http.erl b/src/couch_mrview_http.erl
index 75e2c54..dc50f59 100644
--- a/src/couch_mrview_http.erl
+++ b/src/couch_mrview_http.erl
@@ -180,7 +180,7 @@
all_docs_req(Req, Db, Keys, undefined).
all_docs_req(Req, Db, Keys, NS) ->
- case couch_db:is_system_db(Db) of
+ case is_restricted(Db, NS) of
true ->
case (catch couch_db:check_is_admin(Db)) of
ok ->
@@ -200,6 +200,11 @@
do_all_docs_req(Req, Db, Keys, NS)
end.
+is_restricted(_Db, <<"_local">>) ->
+ true;
+is_restricted(Db, _) ->
+ couch_db:is_system_db(Db).
+
is_public_fields_configured(Db) ->
DbName = ?b2l(Db#db.name),
case config:get("couch_httpd_auth",