diff options
| author | Jan Lehnardt <jan@apache.org> | 2020-07-26 20:01:06 +0200 |
|---|---|---|
| committer | Jan Lehnardt <jan@apache.org> | 2020-07-26 20:09:36 +0200 |
| commit | 92d1c4399ebb4bd1a9c64b9919f6cbe752b50bd0 (patch) | |
| tree | 320fa0fb16474d1eeadc579d00fc0627ebfc6cad | |
| parent | df3b76f144de843ca71ba516c4edcfa563335bec (diff) | |
| download | couchdb-92d1c4399ebb4bd1a9c64b9919f6cbe752b50bd0.tar.gz | |
feat(access): _users users now have a default _users role
| -rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl index 45a82bd0f..cc6715e97 100644 --- a/src/couch/src/couch_httpd_auth.erl +++ b/src/couch/src/couch_httpd_auth.erl @@ -87,6 +87,13 @@ basic_name_pw(Req) -> nil end. +extract_roles(UserProps) -> + Roles = couch_util:get_value(<<"roles">>, UserProps, []), + case lists:member(<<"_admin">>, Roles) of + true -> Roles; + _ -> Roles ++ [<<"_users">>] + end. + default_authentication_handler(Req) -> default_authentication_handler(Req, couch_auth_cache). @@ -104,7 +111,7 @@ default_authentication_handler(Req, AuthModule) -> true -> Req#httpd{user_ctx=#user_ctx{ name=UserName, - roles=couch_util:get_value(<<"roles">>, UserProps, []) + roles=extract_roles(UserProps) }}; false -> authentication_warning(Req, UserName), @@ -167,7 +174,7 @@ proxy_auth_user(Req) -> Roles = case header_value(Req, XHeaderRoles) of undefined -> []; Else -> - [?l2b(R) || R <- string:tokens(Else, ",")] + [?l2b(R) || R <- string:tokens(Else, ",")] ++ [<<"_users">>] end, case config:get("couch_httpd_auth", "proxy_use_secret", "false") of "true" -> @@ -269,7 +276,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req, AuthModule) -> [User]), Req#httpd{user_ctx=#user_ctx{ name=?l2b(User), - roles=couch_util:get_value(<<"roles">>, UserProps, []) + roles=extract_roles(UserProps) }, auth={FullSecret, TimeLeft < Timeout*0.9}}; _Else -> Req |