This is an automated email from the ASF dual-hosted git repository. jan pushed a commit to branch rebase/access-2023 in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 5fd02c662175506da066b71a2a2a6078e62dde75 Author: Jan Lehnardt <[email protected]> AuthorDate: Sat Jun 25 11:10:19 2022 +0200 feat(access): add util functions --- src/couch/src/couch_util.erl | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/couch/src/couch_util.erl b/src/couch/src/couch_util.erl index 739df28e5..eaec61f96 100644 --- a/src/couch/src/couch_util.erl +++ b/src/couch/src/couch_util.erl @@ -46,6 +46,7 @@ -export([verify_hash_names/2]). -export([get_config_hash_algorithms/0]). -export([remove_sensitive_data/1]). +-export([validate_design_access/1, validate_design_access/2]). -include_lib("couch/include/couch_db.hrl"). @@ -870,3 +871,16 @@ remove_sensitive_data(KVList) -> KVList1 = lists:keyreplace(<<"password">>, 1, KVList, {<<"password">>, <<"****">>}), % some KVList entries are atoms, so test fo this too lists:keyreplace(password, 1, KVList1, {password, <<"****">>}). + +validate_design_access(DDoc) -> + validate_design_access1(DDoc, true). + +validate_design_access(Db, DDoc) -> + validate_design_access1(DDoc, couch_db:has_access_enabled(Db)). + +validate_design_access1(_DDoc, false) -> ok; +validate_design_access1(DDoc, true) -> + is_users_ddoc(DDoc). + +is_users_ddoc(#doc{access=[<<"_users">>]}) -> ok; +is_users_ddoc(_) -> throw({forbidden, <<"per-user ddoc access">>}).
