diff options
| author | Jan Lehnardt <jan@apache.org> | 2022-11-11 13:44:26 +0100 |
|---|---|---|
| committer | Jan Lehnardt <jan@apache.org> | 2022-12-16 16:56:18 +0100 |
| commit | 207cdb38b2c1402ddb7dfbd8767c9924d2864bdc (patch) | |
| tree | 4b17c3e3a95b8df081bbfb4c1a8d8d36d4984147 | |
| parent | 5b9e274fc2ae089570dd6be2ff1170b1a70f2c84 (diff) | |
| download | couchdb-207cdb38b2c1402ddb7dfbd8767c9924d2864bdc.tar.gz | |
chore: append _users role instead of prepending it
| -rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 4 | ||||
| -rw-r--r-- | test/elixir/test/proxyauth_test.exs | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl index a6cffce39..eff387a52 100644 --- a/src/couch/src/couch_httpd_auth.erl +++ b/src/couch/src/couch_httpd_auth.erl @@ -103,7 +103,7 @@ extract_roles(UserProps) -> Roles = couch_util:get_value(<<"roles">>, UserProps, []), case lists:member(<<"_admin">>, Roles) of true -> Roles; - _ -> [<<"_users">> | Roles] + _ -> Roles ++ [<<"_users">>] end. default_authentication_handler(Req) -> @@ -196,7 +196,7 @@ proxy_auth_user(Req) -> Roles = case header_value(Req, XHeaderRoles) of undefined -> []; - Else -> [<<"_users">> | re:split(Else, "\\s*,\\s*", [trim, {return, binary}])] + Else -> re:split(Else, "\\s*,\\s*", [trim, {return, binary}]) ++ [<<"_users">>] end, case chttpd_util:get_chttpd_auth_config_boolean( diff --git a/test/elixir/test/proxyauth_test.exs b/test/elixir/test/proxyauth_test.exs index 9c9638d52..0c77abff5 100644 --- a/test/elixir/test/proxyauth_test.exs +++ b/test/elixir/test/proxyauth_test.exs @@ -70,7 +70,7 @@ defmodule ProxyAuthTest do ) assert resp2.body["userCtx"]["name"] == "couch@apache.org" - assert resp2.body["userCtx"]["roles"] == ["_users", "test_role"] + assert resp2.body["userCtx"]["roles"] == ["test_role", "_users"] assert resp2.body["info"]["authenticated"] == "proxy" assert resp2.body["ok"] == true @@ -124,7 +124,7 @@ defmodule ProxyAuthTest do ) assert resp2.body["userCtx"]["name"] == "couch@apache.org" - assert resp2.body["userCtx"]["roles"] == ["_users", "test_role_1", "test_role_2"] + assert resp2.body["userCtx"]["roles"] == ["test_role_1", "test_role_2", "_users"] assert resp2.body["info"]["authenticated"] == "proxy" assert resp2.body["ok"] == true |