feat(utils): add ddoc validation fun

author: Jan Lehnardt <jan@apache.org> 2020-07-26 19:59:27 +0200
committer: Jan Lehnardt <jan@apache.org> 2020-07-26 20:09:36 +0200
commit: 0701b1afaaaa4a58ee50edcea229df963d240689 (patch)
tree: 18049c5c9e2f7ea47fb386a26f9ec26021c700fc
parent: 02d191820d38d9ec4cd3a8c875b11aee8921768b (diff)
download: couchdb-0701b1afaaaa4a58ee50edcea229df963d240689.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/src/couch/src/couch_util.erl b/src/couch/src/couch_util.erl
index dffb68152..dbd77557c 100644
--- a/src/couch/src/couch_util.erl
+++ b/src/couch/src/couch_util.erl
@@ -40,6 +40,7 @@
 -export([check_md5/2]).
 -export([set_mqd_off_heap/1]).
 -export([set_process_priority/2]).
+-export([validate_design_access/1, validate_design_access/2]).
 
 -include_lib("couch/include/couch_db.hrl").
 
@@ -763,3 +764,16 @@ check_config_blacklist(Section) ->
     _ ->
         ok
     end.
+
+validate_design_access(DDoc) ->
+    validate_design_access1(DDoc, true).
+
+validate_design_access(Db, DDoc) ->
+    validate_design_access1(DDoc, couch_db:has_access_enabled(Db)).
+
+validate_design_access1(_DDoc, false) -> ok;
+validate_design_access1(DDoc, true) ->
+    is_users_ddoc(DDoc).
+
+is_users_ddoc(#doc{access=[<<"_users">>]}) -> ok;
+is_users_ddoc(_) -> throw({forbidden, <<"per-user ddoc access">>}).
author	Jan Lehnardt <jan@apache.org>	2020-07-26 19:59:27 +0200
committer	Jan Lehnardt <jan@apache.org>	2020-07-26 20:09:36 +0200
commit	0701b1afaaaa4a58ee50edcea229df963d240689 (patch)
tree	18049c5c9e2f7ea47fb386a26f9ec26021c700fc
parent	02d191820d38d9ec4cd3a8c875b11aee8921768b (diff)
download	couchdb-0701b1afaaaa4a58ee50edcea229df963d240689.tar.gz