Pass user context to ddoc_cache Only administrators should be able to read design documents in the authentication DB. When the auth DB is on the clustered interface design documents are handled by ddoc_cache so it needs to be given the user context.
COUCHDB-2452 3/? Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/adc98eac Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/adc98eac Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/adc98eac Branch: refs/heads/2452-users-db-security-on-clustered-interface Commit: adc98eac80fbf1fb1296165d7c691829801e28e7 Parents: a7080c2 Author: Mike Wallace <mikewall...@apache.org> Authored: Mon Nov 10 23:27:25 2014 +0000 Committer: Mike Wallace <mikewall...@apache.org> Committed: Mon Nov 10 23:27:25 2014 +0000 ---------------------------------------------------------------------- src/chttpd_db.erl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/adc98eac/src/chttpd_db.erl ---------------------------------------------------------------------- diff --git a/src/chttpd_db.erl b/src/chttpd_db.erl index d51143c..68a6f2f 100644 --- a/src/chttpd_db.erl +++ b/src/chttpd_db.erl @@ -200,10 +200,11 @@ handle_view_cleanup_req(Req, Db) -> handle_design_req(#httpd{ path_parts=[_DbName, _Design, Name, <<"_",_/binary>> = Action | _Rest], - design_url_handlers = DesignUrlHandlers + design_url_handlers = DesignUrlHandlers, + user_ctx = Ctx }=Req, Db) -> DbName = mem3:dbname(Db#db.name), - case ddoc_cache:open(DbName, <<"_design/", Name/binary>>) of + case ddoc_cache:open(DbName, <<"_design/", Name/binary>>, [{user_ctx, Ctx}]) of {ok, DDoc} -> Handler = couch_util:get_value(Action, DesignUrlHandlers, fun bad_action_req/3),