jcoglan commented on PR #5858:
URL: https://github.com/apache/couchdb/pull/5858#issuecomment-4564956541
The occurrences of `{forbidden, _}` in the codebase that I have been able to
determine are actually involved in the path for updating a doc are:
- `chttpd:error_info({forbidden, Msg})`
- `couch_query_servers:validate_doc_update(Db, DDoc, EditDoc, DiskDoc, Ctx,
SecObj)`
- `force_reply(Doc, [FirstReply | _] = Replies, {Health, W, SWS, Acc})` and
its calls to `check_forbidden_msg(Replies)`
The last one is not obvious because the uses of `{forbidden, _}` occur only
on edge cases in quorum logic and won't be hit if all nodes return the same
reply. Nevertheless, the logic here looks as though it depends on the 2-tuple
`{forbidden, Msg}` but never uses the 2nd item in any way other than
returning/throwing it without inspecting its content. The relevant function on
`main` is here:
https://github.com/apache/couchdb/blob/750569267321f70f73d03976a8f4642efde1d1b6/src/fabric/src/fabric_doc_update.erl#L214-L253
This leans us toward sticking with `couch_query_servers` throwing a 2-tuple,
not a 3-tuple, and putting `{[{<<"failures">>, [...]}]}` as the second item.
This causes the HTTP response to look like `{ "error": "forbidden", "reason": {
"failures": [...] } }`.
We could choose to further tweak the HTTP response, but this would need
changes to `chttpd` deployed before changes to `couch_query_servers` in order
for rolling upgrades to go smoothly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]