Uploaded image for project: 'CouchDB'
  1. CouchDB
  2. COUCHDB-3232

user context not passed down in fabric_view_all_docs

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0
    • Fix Version/s: 2.1.0
    • Component/s: None
    • Labels:
      None

      Description

      We omitted to pass user_ctx down in fabric_view_all_docs. Since auth has happened beforehand this hasn't been an obvious issue, but it matters for the _users db as that reacts differently based on the user. couchdb intentionally hides design documents in that database from non-admins and intentionally hides the user docs of other users.

      passing the user ctx down fixes both issues.

        Issue Links

          Activity

          Hide
          githubbot ASF GitHub Bot added a comment -

          GitHub user rnewson opened a pull request:

          https://github.com/apache/couchdb-fabric/pull/73

          Pass user_ctx down to fabric_rpc

          The Options array in fabric_view_all_docs contains the

          {user_ctx, _}
          tuple but we omitted to pass it down to the open_doc command. This
          caused several incorrect behaviours for the _users database which has
          some special properties for privacy reasons.

          COUCHDB-3232

          You can merge this pull request into a Git repository by running:

          $ git pull https://github.com/cloudant/couchdb-fabric 3232-all-docs-ctx

          Alternatively you can review and apply these changes as the patch at:

          https://github.com/apache/couchdb-fabric/pull/73.patch

          To close this pull request, make a commit to your master/trunk branch
          with (at least) the following in the commit message:

          This closes #73

          ----
          commit 1ee7c63ebd0daaf0430460adda23560d03a1ba16
          Author: Robert Newson <rnewson@apache.org>
          Date: 2016-11-11T04:45:14Z

          Pass user_ctx down to fabric_rpc

          The Options array in fabric_view_all_docs contains the {user_ctx, _}

          tuple but we omitted to pass it down to the open_doc command. This
          caused several incorrect behaviours for the _users database which has
          some special properties for privacy reasons.

          COUCHDB-3232


          Show
          githubbot ASF GitHub Bot added a comment - GitHub user rnewson opened a pull request: https://github.com/apache/couchdb-fabric/pull/73 Pass user_ctx down to fabric_rpc The Options array in fabric_view_all_docs contains the {user_ctx, _} tuple but we omitted to pass it down to the open_doc command. This caused several incorrect behaviours for the _users database which has some special properties for privacy reasons. COUCHDB-3232 You can merge this pull request into a Git repository by running: $ git pull https://github.com/cloudant/couchdb-fabric 3232-all-docs-ctx Alternatively you can review and apply these changes as the patch at: https://github.com/apache/couchdb-fabric/pull/73.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #73 ---- commit 1ee7c63ebd0daaf0430460adda23560d03a1ba16 Author: Robert Newson <rnewson@apache.org> Date: 2016-11-11T04:45:14Z Pass user_ctx down to fabric_rpc The Options array in fabric_view_all_docs contains the {user_ctx, _} tuple but we omitted to pass it down to the open_doc command. This caused several incorrect behaviours for the _users database which has some special properties for privacy reasons. COUCHDB-3232
          Hide
          jira-bot ASF subversion and git services added a comment -

          Commit 1ee7c63ebd0daaf0430460adda23560d03a1ba16 in couchdb-fabric's branch refs/heads/master from Robert Newson
          [ https://git-wip-us.apache.org/repos/asf?p=couchdb-fabric.git;h=1ee7c63 ]

          Pass user_ctx down to fabric_rpc

          The Options array in fabric_view_all_docs contains the

          {user_ctx, _}

          tuple but we omitted to pass it down to the open_doc command. This
          caused several incorrect behaviours for the _users database which has
          some special properties for privacy reasons.

          COUCHDB-3232

          Show
          jira-bot ASF subversion and git services added a comment - Commit 1ee7c63ebd0daaf0430460adda23560d03a1ba16 in couchdb-fabric's branch refs/heads/master from Robert Newson [ https://git-wip-us.apache.org/repos/asf?p=couchdb-fabric.git;h=1ee7c63 ] Pass user_ctx down to fabric_rpc The Options array in fabric_view_all_docs contains the {user_ctx, _} tuple but we omitted to pass it down to the open_doc command. This caused several incorrect behaviours for the _users database which has some special properties for privacy reasons. COUCHDB-3232
          Hide
          githubbot ASF GitHub Bot added a comment -

          Github user asfgit closed the pull request at:

          https://github.com/apache/couchdb-fabric/pull/73

          Show
          githubbot ASF GitHub Bot added a comment - Github user asfgit closed the pull request at: https://github.com/apache/couchdb-fabric/pull/73
          Hide
          githubbot ASF GitHub Bot added a comment -

          GitHub user iilyak opened a pull request:

          https://github.com/apache/couchdb/pull/443

          Bump dependencies

            1. List of updates

          fabric: 7cfabb..205064

          couch_epi: f6ad55..60e7f8

          • Merge remote branch 'DeadZen:patch-1'
          • Update README.md

          mochiweb: bd6ae7..cb521b

          • Don't use message queue for request handling
          • Merge tag 'v2.12.0'
          • Revert "COUCHDB-627 - Support all timezones" ([COUCHDB-627 - Support all timezones"](https://issues.apache.org/jira/browse/COUCHDB-627 - Support all timezones"))
          • Revert "Fix Mochiweb acceptor blocked in ssl handshake"
          • Revert "Don't use message queue for request handling"
          • remove binary rebar
          • Don't use message queue for request handling
          • Fix Mochiweb acceptor blocked in ssl handshake
          • COUCHDB-627 - Support all timezones ([COUCHDB-627 - Support all timezones](https://issues.apache.org/jira/browse/COUCHDB-627 - Support all timezones))

          docs: 52a287..2993cc

          • Spelling error fix: fauxuton to fauxton

          chttpd: 3dcdb6..d6282b

          couch: b4cd67..54890e

          mango: ddd6a4..30b369

          • remove docs for missing_is_null as the feature was removed

          mem3: 252467..c3c542

          You can merge this pull request into a Git repository by running:

          $ git pull https://github.com/cloudant/couchdb bump-deps

          Alternatively you can review and apply these changes as the patch at:

          https://github.com/apache/couchdb/pull/443.patch

          To close this pull request, make a commit to your master/trunk branch
          with (at least) the following in the commit message:

          This closes #443


          commit d614f9f6dd389abeba98a05d9d481e06beb201c4
          Author: ILYA Khlopotov <iilyak@apache.org>
          Date: 2016-11-30T15:51:38Z

          Bump dependencies


          Show
          githubbot ASF GitHub Bot added a comment - GitHub user iilyak opened a pull request: https://github.com/apache/couchdb/pull/443 Bump dependencies List of updates fabric: 7cfabb..205064 Merge remote branch 'cloudant:77984-fixup' ( [FB 77984] ( https://cloudant.fogbugz.com/f/cases/77984 )) Use upgraded #mrargs{} instead of old one Merge remote branch 'cloudant:fix-typespecs' Add ` {error, Reason} ` to typespecs Merge remote branch 'cloudant:77984-upgrade-mrargs-record-phase2' ( [FB 77984] ( https://cloudant.fogbugz.com/f/cases/77984 )) Revert "Revert "Merge remote-tracking branch 'banjiewen/stale-stable-update'"" Upgrade #mrargs{} record Merge remote branch 'cloudant:77984-upgrade-mrargs-record-phase1' ( [FB 77984] ( https://cloudant.fogbugz.com/f/cases/77984 )) Compatibility clause for the record upgrade Revert "Merge remote-tracking branch 'banjiewen/stale-stable-update'" Merge remote-tracking branch 'cloudant/3232-all-docs-ctx' ( COUCHDB-3232 ( https://issues.apache.org/jira/browse/COUCHDB-3232 )) Merge branch ' COUCHDB-3234 -open-shard-timeout-counter' ( [COUCHDB-3234-open-shard-timeout-counter'] ( https://issues.apache.org/jira/browse/COUCHDB-3234-open-shard-timeout-counter ')) Track open_shard timeouts with a counter ( COUCHDB-3234 ( https://issues.apache.org/jira/browse/COUCHDB-3234 )) Pass user_ctx down to fabric_rpc ( COUCHDB-3232 ( https://issues.apache.org/jira/browse/COUCHDB-3232 )) couch_epi: f6ad55..60e7f8 Merge remote branch 'DeadZen:patch-1' Update README.md mochiweb: bd6ae7..cb521b Don't use message queue for request handling Merge tag 'v2.12.0' Revert " COUCHDB-627 - Support all timezones" ( [COUCHDB-627 - Support all timezones"] ( https://issues.apache.org/jira/browse/COUCHDB-627 - Support all timezones")) Revert "Fix Mochiweb acceptor blocked in ssl handshake" Revert "Don't use message queue for request handling" remove binary rebar Don't use message queue for request handling Fix Mochiweb acceptor blocked in ssl handshake COUCHDB-627 - Support all timezones ( [COUCHDB-627 - Support all timezones] ( https://issues.apache.org/jira/browse/COUCHDB-627 - Support all timezones)) docs: 52a287..2993cc Spelling error fix: fauxuton to fauxton chttpd: 3dcdb6..d6282b Merge remote branch 'cloudant:71810-handle-errors-terms-from-fabric' ( [FB 71810] ( https://cloudant.fogbugz.com/f/cases/71810 )) Handle error terms from fabric ( COUCHDB-3195 ( https://issues.apache.org/jira/browse/COUCHDB-3195 )) Merge remote branch 'cloudant:78077-pass-user_ctx_to_filter' ( [FB 78077] ( https://cloudant.fogbugz.com/f/cases/78077 )) Include user_ctx in db open options couch: b4cd67..54890e Handle open_result message that arrives after the delete ( COUCHDB-3241 ( https://issues.apache.org/jira/browse/COUCHDB-3241 )) Merge remote branch 'cloudant:71810-handle-errors-terms-from-fabric' ( [FB 71810] ( https://cloudant.fogbugz.com/f/cases/71810 )) Add test suite for handling errors from fabric ( COUCHDB-3195 ( https://issues.apache.org/jira/browse/COUCHDB-3195 )) Merge remote branch 'cloudant:78142-allow-user-to-correct-invalid-user-docs' ( [FB 78142] ( https://cloudant.fogbugz.com/f/cases/78142 )) Allow fixing users' documents ( COUCHDB-3231 ( https://issues.apache.org/jira/browse/COUCHDB-3231 )) Merge remote branch 'cloudant:75431-truncate-revs-to-revs_limit' ( [FB 75431] ( https://cloudant.fogbugz.com/f/cases/75431 )) Truncate revs returned from couch_db:open_doc_revs ( COUCHDB-3193 ( https://issues.apache.org/jira/browse/COUCHDB-3193 )) mango: ddd6a4..30b369 remove docs for missing_is_null as the feature was removed mem3: 252467..c3c542 Merge remote branch 'cloudant:79066-port-chunkified-replicate_batch' ( [FB 79066] ( https://cloudant.fogbugz.com/f/cases/79066 )) Chunk missing revisions before attempting to save on target ( [FB 37676] ( https://cloudant.fogbugz.com/f/cases/37676 )) You can merge this pull request into a Git repository by running: $ git pull https://github.com/cloudant/couchdb bump-deps Alternatively you can review and apply these changes as the patch at: https://github.com/apache/couchdb/pull/443.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #443 commit d614f9f6dd389abeba98a05d9d481e06beb201c4 Author: ILYA Khlopotov <iilyak@apache.org> Date: 2016-11-30T15:51:38Z Bump dependencies

            People

            • Assignee:
              Unassigned
              Reporter:
              rnewson Robert Newson
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development