Allow customisation of default security object COUCHDB-3016

commit: db78f6827109ee1b41bceedf7eadd629c6044cc9 [log] [tgz]
author: Robert Newson <rnewson@apache.org> Tue May 10 20:59:38 2016 +0100
committer: Robert Newson <rnewson@apache.org> Sun May 15 20:10:49 2016 +0100
tree: 64f6d0243540c606b3bf930d88e8858e79c8d1ac
parent: aef448db040eb41d0c7a8a75d2ac447893444194 [diff]
diff --git a/src/couch_db_updater.erl b/src/couch_db_updater.erl
index 813161a..28022a8 100644
--- a/src/couch_db_updater.erl
+++ b/src/couch_db_updater.erl

@@ -570,7 +570,7 @@
         [{compression, Compression}]),
     case couch_db_header:security_ptr(Header) of
     nil ->
-        Security = [],
+        Security = default_security_object(),
         SecurityPtr = nil;
     SecurityPtr ->
         {ok, Security} = couch_file:pread_term(Fd, SecurityPtr)
@@ -1437,3 +1437,12 @@
     end,
     SummaryBin = ?term_to_bin({Body, Atts}),
     couch_file:assemble_file_chunk(SummaryBin, couch_crypto:hash(md5, SummaryBin)).
+
+default_security_object() ->
+    case config:get("couchdb", "default_security", "open") of
+        "admin_only" ->
+            [{<<"members">>,{[{<<"roles">>,[<<"_admin">>]}]}},
+             {<<"admins">>,{[{<<"roles">>,[<<"_admin">>]}]}}];
+        "everyone" ->
+            []
+    end.
commit	db78f6827109ee1b41bceedf7eadd629c6044cc9	[log] [tgz]
author	Robert Newson <rnewson@apache.org>	Tue May 10 20:59:38 2016 +0100
committer	Robert Newson <rnewson@apache.org>	Sun May 15 20:10:49 2016 +0100
tree	64f6d0243540c606b3bf930d88e8858e79c8d1ac
parent	aef448db040eb41d0c7a8a75d2ac447893444194 [diff]