fix(changes): only apply access logic on access enabled dbs

author: Jan Lehnardt <jan@apache.org> 2020-06-12 15:37:32 +0200
committer: Jan Lehnardt <jan@apache.org> 2020-07-10 19:08:52 +0200
commit: 6a1149cd4b0831f934df9d96c47d321cfcd26d7e (patch)
tree: 5f9920006c43a91db02f540426119eba6fc3089d
parent: e435202231c818668efd5e20280cb5a5ad4b21db (diff)
download: couchdb-6a1149cd4b0831f934df9d96c47d321cfcd26d7e.tar.gz
2 files changed, 24 insertions, 20 deletions
diff --git a/src/couch/src/couch_db.erl b/src/couch/src/couch_db.erl
index e9bc478d8..ecd456c37 100644
--- a/src/couch/src/couch_db.erl
+++ b/src/couch/src/couch_db.erl
@@ -744,21 +744,25 @@ security_error_type(#user_ctx{name=null}) ->
 security_error_type(#user_ctx{name=_}) ->
     forbidden.
 
-validate_access(Db, #doc{meta=Meta}=Doc) ->
+validate_access(Db, Doc) ->
+    validate_access1(has_access_enabled(Db), Db, Doc).
+
+validate_access1(false, _Db, _Doc) -> ok;
+validate_access1(true, Db, #doc{meta=Meta}=Doc) ->
     case proplists:get_value(conflicts, Meta) of
         undefined -> % no conflicts
-            validate_access1(Db, Doc);
+            validate_access2(Db, Doc);
         _Else -> % only admins can read conflicted docs in _access dbs
             case is_admin(Db) of
                 true -> ok;
                 _Else2 -> throw({forbidden, <<"document is in conflict">>})
             end
     end.
-validate_access1(Db, Doc) ->
-    validate_access2(check_access(Db, Doc)).
+validate_access2(Db, Doc) ->
+    validate_access3(check_access(Db, Doc)).
 
-validate_access2(true) -> ok;
-validate_access2(_) -> throw({forbidden, <<"can't touch this">>}).
+validate_access3(true) -> ok;
+validate_access3(_) -> throw({forbidden, <<"can't touch this">>}).
 
 check_access(Db, #doc{access=Access}=Doc) ->
     % couch_log:info("~ncheck da access, Doc: ~p, Db: ~p~n", [Doc, Db]),
@@ -1588,9 +1592,9 @@ is_active_stream(Db, StreamEngine) ->
     couch_db_engine:is_active_stream(Db, StreamEngine).
 
 changes_since(Db, StartSeq, Fun, Options, Acc) when is_record(Db, db) ->
-    case couch_db:is_admin(Db) of
-        true -> couch_db_engine:fold_changes(Db, StartSeq, Fun, Options, Acc);
-        false -> couch_mrview:query_changes_access(Db, StartSeq, Fun, Options, Acc)
+    case couch_db:has_access_enabled(Db) and not couch_db:is_admin(Db) of
+        true -> couch_mrview:query_changes_access(Db, StartSeq, Fun, Options, Acc);
+        false -> couch_db_engine:fold_changes(Db, StartSeq, Fun, Options, Acc)
     end.
 
 % TODO: nicked from couch_mrview, maybe move to couch_mrview.hrl
@@ -1728,9 +1732,9 @@ fold_changes(Db, StartSeq, UserFun, UserAcc) ->
     fold_changes(Db, StartSeq, UserFun, UserAcc, []).
 
 fold_changes(Db, StartSeq, UserFun, UserAcc, Opts) ->
-    case couch_db:is_admin(Db) of
-        true -> couch_db_engine:fold_changes(Db, StartSeq, UserFun, UserAcc, Opts);
-        false -> couch_mrview:query_changes_access(Db, StartSeq, UserFun, Opts, UserAcc)
+    case couch_db:has_access_enabled(Db) and not couch_db:is_admin(Db) of
+        true -> couch_mrview:query_changes_access(Db, StartSeq, UserFun, Opts, UserAcc);
+        false -> couch_db_engine:fold_changes(Db, StartSeq, UserFun, UserAcc, Opts)
     end.
 
 fold_purge_infos(Db, StartPurgeSeq, Fun, Acc) ->
diff --git a/src/couch/src/couch_db_updater.erl b/src/couch/src/couch_db_updater.erl
index 164c8b708..b108aca69 100644
--- a/src/couch/src/couch_db_updater.erl
+++ b/src/couch/src/couch_db_updater.erl
@@ -453,11 +453,11 @@ merge_rev_trees([], [], Acc) ->
         add_infos = lists:reverse(Acc#merge_acc.add_infos)
     }};
 merge_rev_trees([NewDocs | RestDocsList], [OldDocInfo | RestOldInfo], Acc) ->
-    couch_log:info("~nNewDocs: ~p~n", [NewDocs]),
-    couch_log:info("~nRestDocsList: ~p~n", [RestDocsList]),
-    couch_log:info("~nOldDocInfo: ~p~n", [OldDocInfo]),
-    couch_log:info("~nRestOldInfo: ~p~n", [RestOldInfo]),
-    couch_log:info("~nAcc: ~p~n", [Acc]),
+    % couch_log:info("~nNewDocs: ~p~n", [NewDocs]),
+    % couch_log:info("~nRestDocsList: ~p~n", [RestDocsList]),
+    % couch_log:info("~nOldDocInfo: ~p~n", [OldDocInfo]),
+    % couch_log:info("~nRestOldInfo: ~p~n", [RestOldInfo]),
+    % couch_log:info("~nAcc: ~p~n", [Acc]),
     #merge_acc{
         revs_limit = Limit,
         merge_conflicts = MergeConflicts,
@@ -669,9 +669,9 @@ update_docs_int(Db, DocsList, LocalDocs, MergeConflicts) ->
         cur_seq = UpdateSeq,
         full_partitions = FullPartitions
     },
-    couch_log:info("~nDocsList: ~p~n", [DocsList]),
-    couch_log:info("~nOldDocInfos: ~p~n", [OldDocInfos]),
-    couch_log:info("~nAccIn: ~p~n", [AccIn]),
+    % couch_log:info("~nDocsList: ~p~n", [DocsList]),
+    % couch_log:info("~nOldDocInfos: ~p~n", [OldDocInfos]),
+    % couch_log:info("~nAccIn: ~p~n", [AccIn]),
     {ok, AccOut} = merge_rev_trees(DocsList, OldDocInfos, AccIn),
     #merge_acc{
         add_infos = NewFullDocInfos,
author	Jan Lehnardt <jan@apache.org>	2020-06-12 15:37:32 +0200
committer	Jan Lehnardt <jan@apache.org>	2020-07-10 19:08:52 +0200
commit	6a1149cd4b0831f934df9d96c47d321cfcd26d7e (patch)
tree	5f9920006c43a91db02f540426119eba6fc3089d
parent	e435202231c818668efd5e20280cb5a5ad4b21db (diff)
download	couchdb-6a1149cd4b0831f934df9d96c47d321cfcd26d7e.tar.gz