Pass security object in fake db
Users can be granted admin access to the special _users and
_replicator databases so we need to pass the security object to the
authorization functions.
COUCHDB-2991
diff --git a/src/fabric.erl b/src/fabric.erl
index 7e1223b..ddbcb94 100644
--- a/src/fabric.erl
+++ b/src/fabric.erl
@@ -327,7 +327,7 @@
case fabric_util:is_users_db(Db) of
true ->
Req = Acc0#vacc.req,
- FakeDb = fabric_util:fake_db([{user_ctx, Req#httpd.user_ctx}]),
+ FakeDb = fabric_util:fake_db(Db, [{user_ctx, Req#httpd.user_ctx}]),
couch_users_db:after_doc_read(DDoc, FakeDb);
false ->
ok
diff --git a/src/fabric_doc_update.erl b/src/fabric_doc_update.erl
index 25bd800..2624c47 100644
--- a/src/fabric_doc_update.erl
+++ b/src/fabric_doc_update.erl
@@ -99,11 +99,14 @@
throw({bad_request, Msg}).
before_doc_update(DbName, Docs, Opts) ->
- Db = fabric_util:fake_db(Opts),
case {fabric_util:is_replicator_db(DbName), fabric_util:is_users_db(DbName)} of
{true, _} ->
+ %% fake db is expensive to create so we only do it if we have to
+ Db = fabric_util:fake_db(DbName, Opts),
[couch_replicator_manager:before_doc_update(Doc, Db) || Doc <- Docs];
{_, true} ->
+ %% fake db is expensive to create so we only do it if we have to
+ Db = fabric_util:fake_db(DbName, Opts),
[couch_users_db:before_doc_update(Doc, Db) || Doc <- Docs];
_ ->
Docs
diff --git a/src/fabric_util.erl b/src/fabric_util.erl
index 0256fb6..17e9c1e 100644
--- a/src/fabric_util.erl
+++ b/src/fabric_util.erl
@@ -18,7 +18,7 @@
-export([request_timeout/0, attachments_timeout/0, all_docs_timeout/0]).
-export([stream_start/2, stream_start/4]).
-export([log_timeout/2, remove_done_workers/2]).
--export([is_users_db/1, is_replicator_db/1, fake_db/1]).
+-export([is_users_db/1, is_replicator_db/1, fake_db/2]).
-compile({inline, [{doc_id_and_rev,1}]}).
@@ -297,9 +297,10 @@
path_ends_with(Path, Suffix) ->
Suffix =:= couch_db:dbname_suffix(Path).
-fake_db(Opts) ->
+fake_db(DbName, Opts) ->
+ {SecProps} = fabric:get_security(DbName), % as admin
UserCtx = couch_util:get_value(user_ctx, Opts, #user_ctx{}),
- #db{user_ctx = UserCtx}.
+ #db{name = DbName, security = SecProps, user_ctx = UserCtx}.
%% test function
kv(Item, Count) ->