diff options
author | Jan Lehnardt <jan@apache.org> | 2020-06-12 15:37:32 +0200 |
---|---|---|
committer | Jan Lehnardt <jan@apache.org> | 2020-07-10 19:08:52 +0200 |
commit | 6a1149cd4b0831f934df9d96c47d321cfcd26d7e (patch) | |
tree | 5f9920006c43a91db02f540426119eba6fc3089d | |
parent | e435202231c818668efd5e20280cb5a5ad4b21db (diff) | |
download | couchdb-6a1149cd4b0831f934df9d96c47d321cfcd26d7e.tar.gz |
fix(changes): only apply access logic on access enabled dbs
-rw-r--r-- | src/couch/src/couch_db.erl | 28 | ||||
-rw-r--r-- | src/couch/src/couch_db_updater.erl | 16 |
2 files changed, 24 insertions, 20 deletions
diff --git a/src/couch/src/couch_db.erl b/src/couch/src/couch_db.erl index e9bc478d8..ecd456c37 100644 --- a/src/couch/src/couch_db.erl +++ b/src/couch/src/couch_db.erl @@ -744,21 +744,25 @@ security_error_type(#user_ctx{name=null}) -> security_error_type(#user_ctx{name=_}) -> forbidden. -validate_access(Db, #doc{meta=Meta}=Doc) -> +validate_access(Db, Doc) -> + validate_access1(has_access_enabled(Db), Db, Doc). + +validate_access1(false, _Db, _Doc) -> ok; +validate_access1(true, Db, #doc{meta=Meta}=Doc) -> case proplists:get_value(conflicts, Meta) of undefined -> % no conflicts - validate_access1(Db, Doc); + validate_access2(Db, Doc); _Else -> % only admins can read conflicted docs in _access dbs case is_admin(Db) of true -> ok; _Else2 -> throw({forbidden, <<"document is in conflict">>}) end end. -validate_access1(Db, Doc) -> - validate_access2(check_access(Db, Doc)). +validate_access2(Db, Doc) -> + validate_access3(check_access(Db, Doc)). -validate_access2(true) -> ok; -validate_access2(_) -> throw({forbidden, <<"can't touch this">>}). +validate_access3(true) -> ok; +validate_access3(_) -> throw({forbidden, <<"can't touch this">>}). check_access(Db, #doc{access=Access}=Doc) -> % couch_log:info("~ncheck da access, Doc: ~p, Db: ~p~n", [Doc, Db]), @@ -1588,9 +1592,9 @@ is_active_stream(Db, StreamEngine) -> couch_db_engine:is_active_stream(Db, StreamEngine). changes_since(Db, StartSeq, Fun, Options, Acc) when is_record(Db, db) -> - case couch_db:is_admin(Db) of - true -> couch_db_engine:fold_changes(Db, StartSeq, Fun, Options, Acc); - false -> couch_mrview:query_changes_access(Db, StartSeq, Fun, Options, Acc) + case couch_db:has_access_enabled(Db) and not couch_db:is_admin(Db) of + true -> couch_mrview:query_changes_access(Db, StartSeq, Fun, Options, Acc); + false -> couch_db_engine:fold_changes(Db, StartSeq, Fun, Options, Acc) end. % TODO: nicked from couch_mrview, maybe move to couch_mrview.hrl @@ -1728,9 +1732,9 @@ fold_changes(Db, StartSeq, UserFun, UserAcc) -> fold_changes(Db, StartSeq, UserFun, UserAcc, []). fold_changes(Db, StartSeq, UserFun, UserAcc, Opts) -> - case couch_db:is_admin(Db) of - true -> couch_db_engine:fold_changes(Db, StartSeq, UserFun, UserAcc, Opts); - false -> couch_mrview:query_changes_access(Db, StartSeq, UserFun, Opts, UserAcc) + case couch_db:has_access_enabled(Db) and not couch_db:is_admin(Db) of + true -> couch_mrview:query_changes_access(Db, StartSeq, UserFun, Opts, UserAcc); + false -> couch_db_engine:fold_changes(Db, StartSeq, UserFun, UserAcc, Opts) end. fold_purge_infos(Db, StartPurgeSeq, Fun, Acc) -> diff --git a/src/couch/src/couch_db_updater.erl b/src/couch/src/couch_db_updater.erl index 164c8b708..b108aca69 100644 --- a/src/couch/src/couch_db_updater.erl +++ b/src/couch/src/couch_db_updater.erl @@ -453,11 +453,11 @@ merge_rev_trees([], [], Acc) -> add_infos = lists:reverse(Acc#merge_acc.add_infos) }}; merge_rev_trees([NewDocs | RestDocsList], [OldDocInfo | RestOldInfo], Acc) -> - couch_log:info("~nNewDocs: ~p~n", [NewDocs]), - couch_log:info("~nRestDocsList: ~p~n", [RestDocsList]), - couch_log:info("~nOldDocInfo: ~p~n", [OldDocInfo]), - couch_log:info("~nRestOldInfo: ~p~n", [RestOldInfo]), - couch_log:info("~nAcc: ~p~n", [Acc]), + % couch_log:info("~nNewDocs: ~p~n", [NewDocs]), + % couch_log:info("~nRestDocsList: ~p~n", [RestDocsList]), + % couch_log:info("~nOldDocInfo: ~p~n", [OldDocInfo]), + % couch_log:info("~nRestOldInfo: ~p~n", [RestOldInfo]), + % couch_log:info("~nAcc: ~p~n", [Acc]), #merge_acc{ revs_limit = Limit, merge_conflicts = MergeConflicts, @@ -669,9 +669,9 @@ update_docs_int(Db, DocsList, LocalDocs, MergeConflicts) -> cur_seq = UpdateSeq, full_partitions = FullPartitions }, - couch_log:info("~nDocsList: ~p~n", [DocsList]), - couch_log:info("~nOldDocInfos: ~p~n", [OldDocInfos]), - couch_log:info("~nAccIn: ~p~n", [AccIn]), + % couch_log:info("~nDocsList: ~p~n", [DocsList]), + % couch_log:info("~nOldDocInfos: ~p~n", [OldDocInfos]), + % couch_log:info("~nAccIn: ~p~n", [AccIn]), {ok, AccOut} = merge_rev_trees(DocsList, OldDocInfos, AccIn), #merge_acc{ add_infos = NewFullDocInfos, |