Mike Wallace created COUCHDB-2948:
-------------------------------------
Summary: Internal server error returned instead of 403 Forbidden
when cassim is disabled
Key: COUCHDB-2948
URL: https://issues.apache.org/jira/browse/COUCHDB-2948
Project: CouchDB
Issue Type: Bug
Components: Database Core
Reporter: Mike Wallace
When cassim is disabled and an authenticated user attempts to access a database
that they do not have permission to access, we should be returning an HTTP 403,
e.g.:
{"error":"forbidden","reason":"You are not allowed to access this db."}
Currently we get the following:
{"error":"internal_server_error","reason":"No DB shards could be
opened.","ref":1865933553}
What is happening is we're attempting to open all the shards with the user
context then throwing an internal server error when we run out of shards:
https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L179-L180
There is a special case for unauthorized errors:
https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L188-L189
If we add something similar for forbidden errors then that would solve this
issue.
Note this is not an issue when using cassim because it stores the security
metadata in the _metadata database.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
