Allow customisation of default security object
COUCHDB-3016
diff --git a/src/couch_db_updater.erl b/src/couch_db_updater.erl
index 813161a..28022a8 100644
--- a/src/couch_db_updater.erl
+++ b/src/couch_db_updater.erl
@@ -570,7 +570,7 @@
[{compression, Compression}]),
case couch_db_header:security_ptr(Header) of
nil ->
- Security = [],
+ Security = default_security_object(),
SecurityPtr = nil;
SecurityPtr ->
{ok, Security} = couch_file:pread_term(Fd, SecurityPtr)
@@ -1437,3 +1437,12 @@
end,
SummaryBin = ?term_to_bin({Body, Atts}),
couch_file:assemble_file_chunk(SummaryBin, couch_crypto:hash(md5, SummaryBin)).
+
+default_security_object() ->
+ case config:get("couchdb", "default_security", "open") of
+ "admin_only" ->
+ [{<<"members">>,{[{<<"roles">>,[<<"_admin">>]}]}},
+ {<<"admins">>,{[{<<"roles">>,[<<"_admin">>]}]}}];
+ "everyone" ->
+ []
+ end.