[
https://issues.apache.org/jira/browse/COUCHDB-2991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15342078#comment-15342078
]
ASF subversion and git services commented on COUCHDB-2991:
----------------------------------------------------------
Commit 18e6fd852e7442ad957950daaaa7ee11d49255ea in couchdb-fabric's branch
refs/heads/master from [~rnewson]
[ https://git-wip-us.apache.org/repos/asf?p=couchdb-fabric.git;h=18e6fd8 ]
Pass security object in fake db
Users can be granted admin access to the special _users and
_replicator databases so we need to pass the security object to the
authorization functions.
COUCHDB-2991
> userdb behaves less strict on cluster
> -------------------------------------
>
> Key: COUCHDB-2991
> URL: https://issues.apache.org/jira/browse/COUCHDB-2991
> Project: CouchDB
> Issue Type: Bug
> Reporter: Sebastian Rothbucher
> Assignee: Robert Newson
> Priority: Blocker
>
> Topic #1: _design/auth does not get installed on custom users DB
> To reproduce: set both
> [{section: "couch_httpd_auth",
> key: "authentication_db", value: usersDb.name},
> {section: "chttpd_auth",
> key: "authentication_db", value: usersDb.name}]
> to a usersDB that is not _users and check if the document is there (certainly
> minor)
> Topic #2: conflicts in user docs don't seem to bother any longer
> To reproduce: produce a conflict in a user doc (the users_db.js test does
> that also) and try to login (which works)
> Topic #3: any user can call _all_docs on _users via cluster port (not
> backdoor)
> To reproduce: create a user doc and use it to get _users/_all_docs (once on
> cluster, once on backdoor), you'll see the difference: cluster allows the
> action while backdoor does not
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
