[ https://issues.apache.org/jira/browse/COUCHDB-2990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15278507#comment-15278507 ]

Jan Lehnardt commented on COUCHDB-2990:
---------------------------------------

Update from [~chewbranca] via IRC: “I think the best approach is to rip out all 
of the calls to the admin checks and move them into cassim, leaving the 
existing logic in place to facilitate migrations from old style security docs. 
That would also provide us an opportunity to change up the auth system if we 
desire. I think trying to cram the logic in to work with the existing flow is 
awkward and we should fix it properly once and for all by moving all the auth 
to an isolated app and then doing the auth checks at the API level rather than the 
additional shard level checks.”

As for whether to hold 2.0 for this or leave it for later: “I think we punt on 
it for 2.0 until we can completely remove the auth from the shard level”

+1 from my end

> admins not honored in _security
> -------------------------------
>
>                 Key: COUCHDB-2990
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2990
>             Project: CouchDB
>          Issue Type: Bug
>          Components: BigCouch
>            Reporter: Sebastian Rothbucher
>            Priority: Blocker
>              Labels: needs-pr
>
> Setting a user as admin (by name) and invoking a command (giving credentials 
> via Basic Auth) comes back saying the user is not a DB admin. 
> Certainly a minor thing for 2.1+ but one to keep in mind; steps to reproduce 
> (sorry for the C&P error earlier):
> {noformat}
> [root@localhost couchdb]# curl -X PUT 'http://localhost:15984/play'
> {"ok":true}
> [root@localhost couchdb]# curl -X PUT 'http://localhost:15984/_users/org.couchdb.user:jerry' -d '{"_id":"org.couchdb.user:jerry","name":"jerry","password":"mouse","type":"user","roles":[]}'
> {"ok":true,"id":"org.couchdb.user:jerry","rev":"1-f97ddcb58c67b47084168f5945217d10"}
> [root@localhost couchdb]# curl -X PUT 'http://localhost:15984/play/_security' -d '{"admins": {"names": ["jerry"]}}'
> {"ok":true,"id":"db/play/_security.1461053645","rev":"2-dfe4d0fbab9b154d2100a95cefa66a92"}
> [root@localhost couchdb]# curl -X PUT 'http://localhost:15984/play/test' -d '{}' -u jerry:mouseee
> {"error":"unauthorized","reason":"Name or password is incorrect."}
> [root@localhost couchdb]# curl -X PUT 'http://localhost:15984/play/test' -d '{}' -u jerry:mouse
> {"ok":true,"id":"test","rev":"1-967a00dff5e02add41819138abb3284d"}
> [root@localhost couchdb]# curl -X PUT 'http://localhost:15984/play/_design/test' -d '{}' -u jerry:mouse
> {"error":"forbidden","reason":"You are not a db or server admin."}
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
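The check this ticket is about, written out as an added example (not part of the thread above and not CouchDB's own Erlang code): a small Python model of the documented _security rules. A server admin (a userCtx carrying the _admin role) is always a db admin; otherwise a user is a db admin when listed in admins.names or holding one of admins.roles; admins are members; an empty or missing members section (the pre-1.1 spelling "readers" is honoured as an alias) makes the database public. The action names passed to authorize(), the shape of the userCtx dicts, and the wording of the membership denial message are this model's assumptions; the admin denial message is the one the report shows. Replaying the report's steps through the model shows what the documented rules require: both of jerry's writes, including the design document, must be allowed.

```python
"""Reference model of CouchDB's per-database authorization rules.

Added example for COUCHDB-2990, not CouchDB's own implementation: it encodes
the documented semantics of the _security object (admins/members, the _admin
server role, the legacy "readers" alias) so the behaviour the report expects
can be exercised offline. Action names are this model's own, not CouchDB API
identifiers.
"""

SERVER_ADMIN_ROLE = "_admin"
FORBIDDEN_ADMIN = "You are not a db or server admin."          # wording from the report
FORBIDDEN_MEMBER = "You are not authorized to access this db."  # assumed wording


def _names_roles(section):
    """Split a {"names": [...], "roles": [...]} section into two sets;
    a missing section or key counts as empty."""
    section = section or {}
    return set(section.get("names") or []), set(section.get("roles") or [])


def _matches(section, user_ctx):
    """True if the user is listed by name or holds any listed role."""
    names, roles = _names_roles(section)
    name = user_ctx.get("name")
    user_roles = set(user_ctx.get("roles") or [])
    return (name is not None and name in names) or bool(roles & user_roles)


def is_server_admin(user_ctx):
    return SERVER_ADMIN_ROLE in (user_ctx.get("roles") or [])


def is_db_admin(security, user_ctx):
    """Server admins are always db admins; otherwise the user must appear in
    admins.names or carry one of admins.roles. This is the check the report
    shows failing for jerry."""
    return is_server_admin(user_ctx) or _matches(security.get("admins"), user_ctx)


def is_db_member(security, user_ctx):
    """Admins are members. "members" may still be spelled "readers" (the
    pre-1.1 key). An empty members section means the database is public,
    so even an anonymous user is a member."""
    if is_db_admin(security, user_ctx):
        return True
    members = security.get("members", security.get("readers"))
    names, roles = _names_roles(members)
    if not names and not roles:
        return True
    return _matches(members, user_ctx)


def authorize(security, user_ctx, action):
    """Return (allowed, reason). Design documents and _security updates need
    a db admin; ordinary reads and writes need membership."""
    if action in ("write_design_doc", "update_security"):
        ok = is_db_admin(security, user_ctx)
        return ok, None if ok else FORBIDDEN_ADMIN
    if action in ("read", "write"):
        ok = is_db_member(security, user_ctx)
        return ok, None if ok else FORBIDDEN_MEMBER
    raise ValueError("unknown action: %r" % (action,))


def ticket_scenario():
    """Replay the report's steps against the model: jerry is named as admin
    of 'play', writes a normal document, then a design document. Under the
    documented rules both writes are allowed; the report shows the second
    one being refused."""
    security = {"admins": {"names": ["jerry"]}}
    jerry = {"name": "jerry", "roles": []}  # constructed userCtx after Basic Auth
    return {
        "PUT /play/test": authorize(security, jerry, "write"),
        "PUT /play/_design/test": authorize(security, jerry, "write_design_doc"),
    }


if __name__ == "__main__":
    for request, (allowed, reason) in ticket_scenario().items():
        print(request, "->", "ok" if allowed else "forbidden: %s" % reason)
```

Running the module prints the two replayed requests with their expected outcome; the model is intended as a spec to compare a CouchDB build against, not as a replacement for testing the server itself.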
