Strip non-public fields from _users all_docs on 5984 A _users DB on the admin interface will strip non-public fields from documents in the _all_docs view when include_docs=true.
This commit creates the same behaviour when the _users DB is on the clustered interface by using the appropriate callback in couch_mrview_http. COUCHDB-2452 4/? Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/593462c1 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/593462c1 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/593462c1 Branch: refs/heads/2452-users-db-security-on-clustered-interface Commit: 593462c1fa6b413aff903fac86c7110412a8dfd0 Parents: adc98ea Author: Mike Wallace <[email protected]> Authored: Mon Nov 10 23:37:02 2014 +0000 Committer: Mike Wallace <[email protected]> Committed: Mon Nov 10 23:37:02 2014 +0000 ---------------------------------------------------------------------- src/chttpd_db.erl | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/593462c1/src/chttpd_db.erl ---------------------------------------------------------------------- diff --git a/src/chttpd_db.erl b/src/chttpd_db.erl index 68a6f2f..695e540 100644 --- a/src/chttpd_db.erl +++ b/src/chttpd_db.erl @@ -549,9 +549,20 @@ all_docs_view(Req, Db, Keys) -> end, Args = Args0#mrargs{preflight_fun=ETagFun}, Options = [{user_ctx, Req#httpd.user_ctx}], + DbName = ?b2l(Db#db.name), + UsersDbName = config:get("chttpd_auth", + "authentication_db", + "_users"), + IsAdmin = case catch couch_db:check_is_admin(Db) of + {unauthorized, _} -> + false; + ok -> + true + end, + Callback = couch_mrview_http:get_view_callback(DbName, UsersDbName, IsAdmin), {ok, Resp} = couch_httpd:etag_maybe(Req, fun() -> VAcc0 = #vacc{db=Db, req=Req}, - fabric:all_docs(Db, Options, fun couch_mrview_http:view_cb/2, VAcc0, Args) + fabric:all_docs(Db, Options, Callback, VAcc0, Args) end), case is_record(Resp, vacc) of true -> {ok, Resp#vacc.resp};
