Repository: couchdb-chttpd Updated Branches: refs/heads/2452-users-db-security-on-clustered-interface [created] 569b00f30
Only admin can read _changes on clustered _users COUCHDB-2452 1/? Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/1193c3c2 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/1193c3c2 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/1193c3c2 Branch: refs/heads/2452-users-db-security-on-clustered-interface Commit: 1193c3c2dc0aab21a8369a969ca1e53f36e74cb7 Parents: b44515f Author: Mike Wallace <[email protected]> Authored: Mon Nov 10 23:16:10 2014 +0000 Committer: Mike Wallace <[email protected]> Committed: Mon Nov 10 23:16:10 2014 +0000 ---------------------------------------------------------------------- src/chttpd_db.erl | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/1193c3c2/src/chttpd_db.erl ----------------------------------------------------------------------
diff --git a/src/chttpd_db.erl b/src/chttpd_db.erl
index 24eb78c..d51143c 100644
--- a/src/chttpd_db.erl
+++ b/src/chttpd_db.erl
@@ -56,7 +56,16 @@ handle_request(#httpd{path_parts=[DbName|RestParts],method=Method,
 do_db_req(Req, Handler)
 end.
 
-handle_changes_req(#httpd{method='GET'}=Req, Db) ->
+handle_changes_req(#httpd{method='GET'}=Req, #db{name=DbName}=Db) ->
+ AuthDbName = ?l2b(config:get("chttpd_auth", "authentication_db")),
+ case AuthDbName of
+ DbName ->
+ % in the authentication database, _changes is admin-only.
+ ok = couch_db:check_is_admin(Db);
+ _Else ->
+ % on other databases, _changes is free for all.
+ ok
+ end,
 #changes_args{filter=Raw, style=Style} = Args0 = parse_changes_query(Req),
 ChangesArgs = Args0#changes_args{
 filter_fun = couch_changes:configure_filter(Raw, Style, Req, Db)
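Review bot: The lookup `config:get("chttpd_auth", "authentication_db")` on the first added line has no default, so if that key is unset it returns `undefined` and `?l2b` raises badarg, which fails GET _changes on every database rather than only the authentication db. Passing the default keeps the comparison well-defined: `AuthDbName = ?l2b(config:get("chttpd_auth", "authentication_db", "_users")),`. The admin check is also added only to the `method='GET'` clause; the other clauses of handle_changes_req and the rest of this clause's body are outside the hunk, so it is worth confirming that no other clause serves the feed without the same `couch_db:check_is_admin(Db)` call. A one-line comment above the `ok =` match saying that check_is_admin presumably signals a non-admin by throwing would make the intent of the match clearer.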
