fkaempfer commented on issue #475: COUCHDB-3367: Require server admin user for db/_compact and db/_view_cleanup endpoints
URL: https://github.com/apache/couchdb/pull/475#issuecomment-298633590

OK, this is my first Erlang code ever written, so perhaps it could still be improved ;).

The test shows (fails on master) that it is possible for unauthorized users to trigger compaction when no security is in place.

When security is in place for a db, members can also trigger compaction, but should not be able to (only admins should). I did not set up a test for this special case, because it is fairly complicated to create a user in the _users db and set up _security in the test code. This is also fixed by the PR.

I only wonder if it should be possible for db admins to trigger _compaction/_view_cleanup or just for server admins. This PR allows it only for server admins (and not DB admins), which would be much more complex to implement.

Thanks for reviewing this PR.

----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
With regards, Apache Git Services