Google Git
Sign in
apache / couchdb-fabric / 18e6fd852e7442ad957950daaaa7ee11d49255ea^! / .
commit18e6fd852e7442ad957950daaaa7ee11d49255ea[log] [tgz]
authorRobert Newson <rnewson@apache.org>Tue Jun 21 16:00:08 2016 +0100
committerRobert Newson <rnewson@apache.org>Tue Jun 21 17:10:03 2016 +0100
tree5c1c4a3c42bdf97e253e4df9d0c7e439cdfd68dd
parent17af869aa3f573da30b93ae50308b0b8024af63f [diff]
Pass security object in fake db

Users can be granted admin access to the special _users and
_replicator databases so we need to pass the security object to the
authorization functions.

COUCHDB-2991

diff --git a/src/fabric.erl b/src/fabric.erl
index 7e1223b..ddbcb94 100644
--- a/src/fabric.erl
+++ b/src/fabric.erl

@@ -327,7 +327,7 @@
     case fabric_util:is_users_db(Db) of
     true ->
         Req = Acc0#vacc.req,
-        FakeDb = fabric_util:fake_db([{user_ctx, Req#httpd.user_ctx}]),
+        FakeDb = fabric_util:fake_db(Db, [{user_ctx, Req#httpd.user_ctx}]),
         couch_users_db:after_doc_read(DDoc, FakeDb);
     false ->
         ok

diff --git a/src/fabric_doc_update.erl b/src/fabric_doc_update.erl
index 25bd800..2624c47 100644
--- a/src/fabric_doc_update.erl
+++ b/src/fabric_doc_update.erl

@@ -99,11 +99,14 @@
     throw({bad_request, Msg}).
 
 before_doc_update(DbName, Docs, Opts) ->
-    Db = fabric_util:fake_db(Opts),
     case {fabric_util:is_replicator_db(DbName), fabric_util:is_users_db(DbName)} of
         {true, _} ->
+            %% fake db is expensive to create so we only do it if we have to
+            Db = fabric_util:fake_db(DbName, Opts),
             [couch_replicator_manager:before_doc_update(Doc, Db) || Doc <- Docs];
         {_, true} ->
+            %% fake db is expensive to create so we only do it if we have to
+            Db = fabric_util:fake_db(DbName, Opts),
             [couch_users_db:before_doc_update(Doc, Db) || Doc <- Docs];
         _ ->
             Docs

diff --git a/src/fabric_util.erl b/src/fabric_util.erl
index 0256fb6..17e9c1e 100644
--- a/src/fabric_util.erl
+++ b/src/fabric_util.erl

@@ -18,7 +18,7 @@
 -export([request_timeout/0, attachments_timeout/0, all_docs_timeout/0]).
 -export([stream_start/2, stream_start/4]).
 -export([log_timeout/2, remove_done_workers/2]).
--export([is_users_db/1, is_replicator_db/1, fake_db/1]).
+-export([is_users_db/1, is_replicator_db/1, fake_db/2]).
 
 -compile({inline, [{doc_id_and_rev,1}]}).
 
@@ -297,9 +297,10 @@
 path_ends_with(Path, Suffix) ->
     Suffix =:= couch_db:dbname_suffix(Path).
 
-fake_db(Opts) ->
+fake_db(DbName, Opts) ->
+    {SecProps} = fabric:get_security(DbName), % as admin
     UserCtx = couch_util:get_value(user_ctx, Opts, #user_ctx{}),
-    #db{user_ctx = UserCtx}.
+    #db{name = DbName, security = SecProps, user_ctx = UserCtx}.
 
 %% test function
 kv(Item, Count) ->