janl commented on code in PR #4139:
URL: https://github.com/apache/couchdb/pull/4139#discussion_r939533587
##########
src/couch/src/couch_db.erl:
##########
@@ -770,6 +792,75 @@ security_error_type(#user_ctx{name = null}) ->
security_error_type(#user_ctx{name = _}) ->
forbidden.
+is_per_user_ddoc(#doc{access=[]}) -> false;
+is_per_user_ddoc(#doc{access=[<<"_users">>]}) -> false;
+is_per_user_ddoc(_) -> true.
+
+validate_access(Db, Doc) ->
+ validate_access(Db, Doc, []).
+
+validate_access(Db, Doc, Options) ->
+ validate_access1(has_access_enabled(Db), Db, Doc, Options).
+
+validate_access1(false, _Db, _Doc, _Options) -> ok;
+validate_access1(true, Db, #doc{meta=Meta}=Doc, Options) ->
+ case proplists:get_value(conflicts, Meta) of
+ undefined -> % no conflicts
+ case is_read_from_ddoc_cache(Options) andalso
is_per_user_ddoc(Doc) of
+ true -> throw({not_found, missing});
+ _False -> validate_access2(Db, Doc)
+ end;
+ _Else -> % only admins can read conflicted docs in _access dbs
+ % TODO: expand: if leaves agree on _access, then a user should
be able
+ % to proceed normally, only if they disagree should this
become admin-only
+ case is_admin(Db) of
+ true -> ok;
+ _Else2 -> throw({forbidden, <<"document is in conflict">>})
Review Comment:
Original comment
https://github.com/apache/couchdb/pull/3038#discussion_r475624377
> why can't users see conflicted docs in "access" enabled dbs?
Original answer:
> I might have an implementation gap here. The intention is: if leaves
disagree on _access, an admin must resolve before a user can proceed. But if
leaves agree on _access, a user should just normally be able to use this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
