[COUCHDB-1502] Users unable to delete own _users doc - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.2
Fix Version/s: 1.2.1
Component/s: None
Labels:
None

Skill Level:
New Contributors Level (Easy)

Description

Since the introduction of system db security a user cannot delete their own _users doc. This is because we test that the "name" field of the updated document matches the userCtx. It doesn't in the case of a DELETE because the body only contains _id, _rev and _deleted.

Changing the code to compare the username embedded in the doc _id instead is a fix.

Attachments

Activity

People

Assignee:: Robert Newson

Reporter:: Robert Newson

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 23/Jun/12 11:07

Updated:: 23/Jun/12 12:15

Resolved:: 23/Jun/12 12:15