jcoglan commented on PR #5858:
URL: https://github.com/apache/couchdb/pull/5858#issuecomment-4564956541

   The occurrences of `{forbidden, _}` in the codebase that I have been able to 
determine are actually involved in the path for updating a doc are:
   
   - `chttpd:error_info({forbidden, Msg})`
   - `couch_query_servers:validate_doc_update(Db, DDoc, EditDoc, DiskDoc, Ctx, 
SecObj)`
   - `force_reply(Doc, [FirstReply | _] = Replies, {Health, W, SWS, Acc})` and 
its calls to `check_forbidden_msg(Replies)`
   
   The last one is not obvious because the uses of `{forbidden, _}` occur only 
on edge cases in quorum logic and won't be hit if all nodes return the same 
reply. Nevertheless, the logic here looks as though it depends on the 2-tuple 
`{forbidden, Msg}` but never uses the 2nd item in any way other than 
returning/throwing it without inspecting its content. The relevant function on 
`main` is here: 
https://github.com/apache/couchdb/blob/750569267321f70f73d03976a8f4642efde1d1b6/src/fabric/src/fabric_doc_update.erl#L214-L253
   
   This leans us toward sticking with `couch_query_servers` throwing a 2-tuple, 
not a 3-tuple, and putting `{[{<<"failures">>, [...]}]}` as the second item. 
This causes the HTTP response to look like `{ "error": "forbidden", "reason": { 
"failures": [...] } }`.
   
   We could choose to further tweak the HTTP response, but this would need 
changes to `chttpd` deployed before changes to `couch_query_servers` in order 
for rolling upgrades to go smoothly.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to