-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 2.0.0
-
Component/s: Database Core
-
Labels:None
When cassim is disabled and an authenticated user attempts to access a database that they do not have permission to access, we should be returning an HTTP 403, e.g.:
{"error":"forbidden","reason":"You are not allowed to access this db."}Currently we get the following:
{"error":"internal_server_error","reason":"No DB shards could be opened.","ref":1865933553}What is happening is we're attempting to open all the shards with the user context then throwing an internal server error when we run out of shards:
https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L179-L180
There is a special case for unauthorized errors: https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L188-L189
If we add something similar for forbidden errors then that would solve this issue.
Note this is not an issue when using cassim because it stores the security metadata in the _metadata database.