Author: jchris Date: Sat Nov 27 04:41:20 2010 New Revision: 1039619 URL: http://svn.apache.org/viewvc?rev=1039619&view=rev Log: rename "readers" to "members" in _security object, keep backwards compatibility with old security objects"
Modified: couchdb/trunk/share/www/dialog/_database_security.html couchdb/trunk/share/www/script/futon.browse.js couchdb/trunk/share/www/script/test/reader_acl.js couchdb/trunk/share/www/script/test/replication.js couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js couchdb/trunk/src/couchdb/couch_db.erl Modified: couchdb/trunk/share/www/dialog/_database_security.html URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/dialog/_database_security.html?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/share/www/dialog/_database_security.html (original) +++ couchdb/trunk/share/www/dialog/_database_security.html Sat Nov 27 04:41:20 2010 @@ -16,12 +16,12 @@ specific language governing permissions <h2>Security</h2> <fieldset> <p class="help"> - Each database contains lists of admins and readers. - Admins and readers are each defined by <tt>names</tt> and <tt>roles</tt>, which are lists of strings. + Each database contains lists of admins and members. + Admins and members are each defined by <tt>names</tt> and <tt>roles</tt>, which are lists of strings. </p> <h3>Admins</h3> - <p class="help">Database admins can update design documents and edit the readers list.</p> + <p class="help">Database admins can update design documents and edit the admin and member lists.</p> <table summary=""><tbody><tr> <th><label>Names:</label></th> <td><input type="text" name="admin_names" size="40"></td> @@ -31,14 +31,14 @@ specific language governing permissions </tr> </tbody></table> - <h3>Readers</h3> - <p class="help">Database readers can access the database. If no readers are defined, the database is public.</p> + <h3>Members</h3> + <p class="help">Database members can access the database. If no members are defined, the database is public.</p> <table summary=""><tbody><tr> <th><label>Names:</label></th> - <td><input type="text" name="reader_names" size="40"></td> + <td><input type="text" name="member_names" size="40"></td> </tr><tr> <th><label>Roles:</label></th> - <td><input type="text" name="reader_roles" size="40"></td> + <td><input type="text" name="member_roles" size="40"></td> </tr> </tbody></table> Modified: couchdb/trunk/share/www/script/futon.browse.js URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/futon.browse.js?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/share/www/script/futon.browse.js [utf-8] (original) +++ couchdb/trunk/share/www/script/futon.browse.js [utf-8] Sat Nov 27 04:41:20 2010 @@ -189,26 +189,34 @@ } this.databaseSecurity = function() { + function namesAndRoles(r, key) { + var names = []; + var roles = []; + if (r && typeof r[key + "s"] === "object") { + if ($.isArray(r[key + "s"]["names"])) { + names = r[key + "s"]["names"]; + } + if ($.isArray(r[key + "s"]["roles"])) { + roles = r[key + "s"]["roles"]; + } + } + return {names : names, roles: roles}; + }; + $.showDialog("dialog/_database_security.html", { load : function(d) { db.getDbProperty("_security", { success: function(r) { - ["admin", "reader"].forEach(function(key) { - var names = []; - var roles = []; - - if (r && typeof r[key + "s"] === "object") { - if ($.isArray(r[key + "s"]["names"])) { - names = r[key + "s"]["names"]; - } - if ($.isArray(r[key + "s"]["roles"])) { - roles = r[key + "s"]["roles"]; - } - } - - $("input[name=" + key + "_names]", d).val(JSON.stringify(names)); - $("input[name=" + key + "_roles]", d).val(JSON.stringify(roles)); - }); + var admins = namesAndRoles(r, "admin") + , members = namesAndRoles(r, "member"); + if (members.names.length + members.roles.length == 0) { + // backwards compatibility with readers for 1.x + members = namesAndRoles(r, "reader"); + } + $("input[name=admin_names]", d).val(JSON.stringify(admins.names)); + $("input[name=admin_roles]", d).val(JSON.stringify(admins.roles)); + $("input[name=member_names]", d).val(JSON.stringify(members.names)); + $("input[name=member_roles]", d).val(JSON.stringify(members.roles)); } }); }, @@ -220,13 +228,13 @@ names: [], roles: [] }, - readers: { + members: { names: [], roles: [] } }; - ["admin", "reader"].forEach(function(key) { + ["admin", "member"].forEach(function(key) { var names, roles; try { Modified: couchdb/trunk/share/www/script/test/reader_acl.js URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/reader_acl.js?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/share/www/script/test/reader_acl.js (original) +++ couchdb/trunk/share/www/script/test/reader_acl.js Sat Nov 27 04:41:20 2010 @@ -37,7 +37,7 @@ couchTests.reader_acl = function(debug) T(secretDb.open("baz").foo == "bar"); T(secretDb.setSecObj({ - "readers" : { + "members" : { roles : ["super-secret-club"], names : ["joe","barb"] } @@ -64,13 +64,13 @@ couchTests.reader_acl = function(debug) CouchDB.logout(); // make anyone with the top-secret role an admin - // db admins are automatically readers + // db admins are automatically members T(secretDb.setSecObj({ "admins" : { roles : ["top-secret"], names : [] }, - "readers" : { + "members" : { roles : ["super-secret-club"], names : ["joe","barb"] } @@ -90,14 +90,14 @@ couchTests.reader_acl = function(debug) CouchDB.logout(); T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1); - // admin now adds the top-secret role to the db's readers + // admin now adds the top-secret role to the db's members // and removes db-admins T(secretDb.setSecObj({ "admins" : { roles : [], names : [] }, - "readers" : { + "members" : { roles : ["super-secret-club", "top-secret"], names : ["joe","barb"] } @@ -124,10 +124,10 @@ couchTests.reader_acl = function(debug) T(CouchDB.login("jch...@apache.org", "funnybone").ok); T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1); T(secretDb.open("baz").foo == "bar"); - // readers can query stored views + // members can query stored views T(secretDb.view("foo/bar").total_rows == 1); - // readers can't do temp views + // members can't do temp views try { var results = secretDb.query(function(doc) { emit(null, null); @@ -137,13 +137,28 @@ couchTests.reader_acl = function(debug) T(true && "temp view is admin only"); } - CouchDB.logout(); + // works with readers (backwards compat with 1.0) + T(secretDb.setSecObj({ + "admins" : { + roles : [], + names : [] + }, + "readers" : { + roles : ["super-secret-club", "top-secret"], + names : ["joe","barb"] + } + }).ok); + + T(CouchDB.login("jch...@apache.org", "funnybone").ok); + T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1); + T(secretDb.open("baz").foo == "bar"); + // can't set non string reader names or roles try { secretDb.setSecObj({ - "readers" : { + "members" : { roles : ["super-secret-club", {"top-secret":"awesome"}], names : ["joe","barb"] } @@ -153,7 +168,7 @@ couchTests.reader_acl = function(debug) try { secretDb.setSecObj({ - "readers" : { + "members" : { roles : ["super-secret-club", {"top-secret":"awesome"}], names : ["joe",22] } @@ -163,7 +178,7 @@ couchTests.reader_acl = function(debug) try { secretDb.setSecObj({ - "readers" : { + "members" : { roles : ["super-secret-club", {"top-secret":"awesome"}], names : "joe" } Modified: couchdb/trunk/share/www/script/test/replication.js URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/replication.js?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/share/www/script/test/replication.js (original) +++ couchdb/trunk/share/www/script/test/replication.js Sat Nov 27 04:41:20 2010 @@ -623,7 +623,7 @@ couchTests.replication = function(debug) names: [], roles: ["admin"] }, - readers: { + members: { names: [], roles: ["reader"] } @@ -687,7 +687,7 @@ couchTests.replication = function(debug) names: [], roles: ["bar"] }, - readers: { + members: { names: [], roles: ["foo"] } Modified: couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js (original) +++ couchdb/trunk/share/www/spec/couch_js_instance_methods_3_spec.js Sat Nov 27 04:41:20 2010 @@ -184,15 +184,15 @@ describe 'CouchDB instance' describe '.setSecObj' it 'should return ok true' - db.setSecObj({"readers":{"names":["laura"],"roles":["president"]}}).ok.should.be_true + db.setSecObj({"members":{"names":["laura"],"roles":["president"]}}).ok.should.be_true end it 'should save a well formed object into the _security object ' - db.should.receive("request", "once").with_args("PUT", "/spec_db/_security", {body: '{"readers":{"names":["laura"],"roles":["president"]}}'}) - db.setSecObj({"readers": {"names" : ["laura"], "roles" : ["president"]}}) + db.should.receive("request", "once").with_args("PUT", "/spec_db/_security", {body: '{"members":{"names":["laura"],"roles":["president"]}}'}) + db.setSecObj({"members": {"names" : ["laura"], "roles" : ["president"]}}) end - it 'should throw an error when the readers or admins object is malformed' + it 'should throw an error when the members or admins object is malformed' -{ db.setSecObj({"admins":["cylon"]}) }.should.throw_error end Modified: couchdb/trunk/src/couchdb/couch_db.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_db.erl?rev=1039619&r1=1039618&r2=1039619&view=diff ============================================================================== --- couchdb/trunk/src/couchdb/couch_db.erl (original) +++ couchdb/trunk/src/couchdb/couch_db.erl Sat Nov 27 04:41:20 2010 @@ -26,7 +26,7 @@ -export([set_security/2,get_security/1]). -export([init/1,terminate/2,handle_call/3,handle_cast/2,code_change/3,handle_info/2]). -export([changes_since/5,changes_since/6,read_doc/2,new_revid/1]). --export([check_is_admin/1, check_is_reader/1]). +-export([check_is_admin/1, check_is_member/1]). -export([reopen/1]). -include("couch_db.hrl"). @@ -77,7 +77,7 @@ open(DbName, Options) -> case couch_server:open(DbName, Options) of {ok, Db} -> try - check_is_reader(Db), + check_is_member(Db), {ok, Db} catch throw:Error -> @@ -297,14 +297,14 @@ check_is_admin(#db{user_ctx=#user_ctx{na ok end. -check_is_reader(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) -> +check_is_member(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) -> case (catch check_is_admin(Db)) of ok -> ok; _ -> - {Readers} = get_readers(Db), - ReaderRoles = couch_util:get_value(<<"roles">>, Readers,[]), + {Members} = get_members(Db), + ReaderRoles = couch_util:get_value(<<"roles">>, Members,[]), WithAdminRoles = [<<"_admin">> | ReaderRoles], - ReaderNames = couch_util:get_value(<<"names">>, Readers,[]), + ReaderNames = couch_util:get_value(<<"names">>, Members,[]), case ReaderRoles ++ ReaderNames of [] -> ok; % no readers == public access _Else -> @@ -326,8 +326,10 @@ check_is_reader(#db{user_ctx=#user_ctx{n get_admins(#db{security=SecProps}) -> couch_util:get_value(<<"admins">>, SecProps, {[]}). -get_readers(#db{security=SecProps}) -> - couch_util:get_value(<<"readers">>, SecProps, {[]}). +get_members(#db{security=SecProps}) -> + % we fallback to readers here for backwards compatibility + couch_util:get_value(<<"members">>, SecProps, + couch_util:get_value(<<"readers">>, SecProps, {[]})). get_security(#db{security=SecProps}) -> {SecProps}. @@ -343,9 +345,11 @@ set_security(_, _) -> validate_security_object(SecProps) -> Admins = couch_util:get_value(<<"admins">>, SecProps, {[]}), - Readers = couch_util:get_value(<<"readers">>, SecProps, {[]}), + % we fallback to readers here for backwards compatibility + Members = couch_util:get_value(<<"members">>, SecProps, + couch_util:get_value(<<"readers">>, SecProps, {[]})), ok = validate_names_and_roles(Admins), - ok = validate_names_and_roles(Readers), + ok = validate_names_and_roles(Members), ok. % validate user input