Permalink
Browse files

support system dbs. close #9 .

Systems databases are databases only available and visible by admins.
All systems databases are prefixed by `rc_` .

Ex:

    $ curl -XPUT http://127.0.0.1:5984/rc_somesystemdb
    {"error":"unauthorized","reason":"You are not a server admin."}
    $ curl -XPUT http://admin:test@127.0.0.1:5984/rc_somesystemdb
    {"ok":true}
    $ curl http://admin:test@127.0.0.1:5984/_all_dbs
    ["_replicator","_users","rc_somesystemdb"]
    $ curl http://127.0.0.1:5984/_all_dbs
    ["_replicator","_users"]
    $ curl -XPUT http://admin:test@127.0.0.1:5984/rc_somesystemdb -d'{}'
    {"error":"file_exists","reason":"The database could not be created,
the file already exists."}
    $ curl -XPUT http://admin:test@127.0.0.1:5984/rc_somesystemdb/test
-d'{}'
    {"ok":true,"id":"test","rev":"1-967a00dff5e02add41819138abb3284d"}
    $ curl -XPUT http://127.0.0.1:5984/rc_somesystemdb/test1
-d'{}'{"error":"unauthorized","reason":"You are not authorized to access
this db."}
    $ curl
http://127.0.0.1:5984/rc_somesystemdb/_all_docs{"error":"unauthorized","reason":"You
are not authorized to access this db."}
    $ curl http://admin:test@127.0.0.1:5984/rc_somesystemdb/_all_docs
    {"total_rows":1,"offset":0,"rows":[
    {"id":"test","key":"test","value":{"rev":"1-967a00dff5e02add41819138abb3284d"}}
    ]}
  • Loading branch information...
1 parent bd07515 commit 29560d9133195a500d1bd5ecb0d114aa7d4c3e7e @benoitc benoitc committed May 18, 2012
Showing with 19 additions and 1 deletion.
  1. +8 −0 apps/couch/src/couch_db.erl
  2. +11 −1 apps/couch_httpd/src/couch_httpd_misc_handlers.erl
@@ -335,6 +335,14 @@ check_is_admin(#db{user_ctx=#user_ctx{name=Name,roles=Roles}}=Db) ->
ok
end.
+check_is_member(#db{name = <<"rc_", _/binary>> } = Db) ->
+ case (catch check_is_admin(Db)) of
+ ok ->
+ ok;
+ _ ->
+ throw({unauthorized,
+ <<"You are not authorized to access this db.">>})
+ end;
check_is_member(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) ->
case (catch check_is_admin(Db)) of
ok -> ok;
@@ -74,7 +74,17 @@ handle_utils_dir_req(Req, _) ->
send_method_not_allowed(Req, "GET,HEAD").
handle_all_dbs_req(#httpd{method='GET'}=Req) ->
- {ok, DbNames} = couch_server:all_databases(),
+ IsAdmin = case catch(couch_httpd:verify_is_server_admin(Req)) of
+ ok -> true;
+ _ -> false
+ end,
+ {ok, DbNames} = couch_server:all_databases(fun
+ (<<"rc_", _/binary>>, Acc)
+ when IsAdmin =:= false ->
+ {ok, Acc};
+ (Dbname, Acc) ->
+ {ok, [Dbname|Acc]}
+ end, []),
send_json(Req, DbNames);
handle_all_dbs_req(Req) ->
send_method_not_allowed(Req, "GET,HEAD").

0 comments on commit 29560d9

Please sign in to comment.