Merge pull request #1652 from cloudant/restrict-active_tasks-to-server-admin

Restrict access to `_active_tasks` to server admin
author: Eric Avdey <eiri@eiri.ca> 2018-10-11 17:37:43 -0300
committer: GitHub <noreply@github.com> 2018-10-11 17:37:43 -0300
commit: 7073ef1870f070c092f63e5952b0163a51034d0c (patch)
tree: a9cf7391128da27ced3a489ebc9076e888a3d074
parent: 9675616d432b4553ebc5f77267ec05b71e05495b (diff)
parent: ec7ec28164dd62130aa475c7edae7241a48af164 (diff)
download: couchdb-7073ef1870f070c092f63e5952b0163a51034d0c.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/chttpd/src/chttpd_misc.erl b/src/chttpd/src/chttpd_misc.erl
index c72ef7cd4..7b417b442 100644
--- a/src/chttpd/src/chttpd_misc.erl
+++ b/src/chttpd/src/chttpd_misc.erl
@@ -178,6 +178,7 @@ handle_dbs_info_req(Req) ->
     send_method_not_allowed(Req, "POST").
 
 handle_task_status_req(#httpd{method='GET'}=Req) ->
+    ok = chttpd:verify_is_server_admin(Req),
     {Replies, _BadNodes} = gen_server:multi_call(couch_task_status, all),
     Response = lists:flatmap(fun({Node, Tasks}) ->
         [{[{node,Node} | Task]} || Task <- Tasks]
author	Eric Avdey <eiri@eiri.ca>	2018-10-11 17:37:43 -0300
committer	GitHub <noreply@github.com>	2018-10-11 17:37:43 -0300
commit	7073ef1870f070c092f63e5952b0163a51034d0c (patch)
tree	a9cf7391128da27ced3a489ebc9076e888a3d074
parent	9675616d432b4553ebc5f77267ec05b71e05495b (diff)
parent	ec7ec28164dd62130aa475c7edae7241a48af164 (diff)
download	couchdb-7073ef1870f070c092f63e5952b0163a51034d0c.tar.gz