Permalink
Browse files

add validation of userCtx before calls into fabric

  • Loading branch information...
1 parent ef071d0 commit 990207c1969e5b0d128afb4b4cb113a64159bd47 Robert Dionne committed Nov 5, 2010
Showing with 7 additions and 4 deletions.
  1. +1 −0 .gitignore
  2. +6 −4 src/chttpd_db.erl
View
1 .gitignore
@@ -0,0 +1 @@
+ebin/*
View
10 src/chttpd_db.erl
@@ -151,10 +151,11 @@ handle_design_info_req(#httpd{method='GET'}=Req, Db, #doc{id=Id} = DDoc) ->
handle_design_info_req(Req, _Db, _DDoc) ->
send_method_not_allowed(Req, "GET").
-create_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) ->
+create_db_req(#httpd{}=Req, DbName) ->
+ couch_httpd:verify_is_server_admin(Req),
N = couch_httpd:qs_value(Req, "n", couch_config:get("cluster", "n", "3")),
Q = couch_httpd:qs_value(Req, "q", couch_config:get("cluster", "q", "8")),
- case fabric:create_db(DbName, [{user_ctx,UserCtx}, {n,N}, {q,Q}]) of
+ case fabric:create_db(DbName, [{n,N}, {q,Q}]) of
ok ->
DocUrl = absolute_uri(Req, "/" ++ couch_util:url_encode(DbName)),
send_json(Req, 201, [{"Location", DocUrl}], {[{ok, true}]});
@@ -164,8 +165,9 @@ create_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) ->
throw(Error)
end.
-delete_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) ->
- case fabric:delete_db(DbName, [{user_ctx, UserCtx}]) of
+delete_db_req(#httpd{}=Req, DbName) ->
+ couch_httpd:verify_is_server_admin(Req),
+ case fabric:delete_db(DbName, []) of
ok ->
send_json(Req, 200, {[{ok, true}]});
Error ->

0 comments on commit 990207c

Please sign in to comment.