Permit private packages if configured in the _security object

iriscouch · Jun 11, 2012 · 2e555a9 · 2e555a9
1 parent 054a373
commit 2e555a9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/registry/validate_doc_update.js b/registry/validate_doc_update.js
@@ -116,7 +116,8 @@ module.exports = function (doc, oldDoc, user, dbCtx) {
   assert(!doc.ctime, "doc.ctime is deprecated")
   assert(typeof doc.time === "object", "time must be object")
 
-  assert(!doc.private, "private packages are not allowed")
+  if(!dbCtx.npm || !dbCtx.npm['publish-privates'])
+    assert(!doc.private, "private packages are not allowed")
 
   assert(typeof doc["dist-tags"] === "object", "dist-tags must be object")
 

diff --git a/test/validate_doc_update.js b/test/validate_doc_update.js
@@ -53,9 +53,11 @@ test('Normal package updates', function(t) {
 
 test('Creating private packages is not allowed', function(t) {
   var privDoc = mkpkg()
+    , secObj = {'npm':{'publish-privates':true}}
 
   privDoc.private = true
   not_valid(t, 'private packages', 'Cannot create a private package', privDoc, null, mkctx('jason'), {})
+  valid(t, 'Support publishing private packages if configured so', privDoc, null, mkctx('jason'), secObj)
   t.end()
 })