Skip to content

Instantly share code, notes, and snippets.

@rnewson
Created May 10, 2016 18:52
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save rnewson/b97e21b9edcee7a26ab54ba13778c724 to your computer and use it in GitHub Desktop.
Optionally allow admin_only security object by default
diff --git a/src/couch_db_updater.erl b/src/couch_db_updater.erl
index 813161a..8639db2 100644
--- a/src/couch_db_updater.erl
+++ b/src/couch_db_updater.erl
@@ -570,7 +570,7 @@ init_db(DbName, Filepath, Fd, Header0, Options) ->
[{compression, Compression}]),
case couch_db_header:security_ptr(Header) of
nil ->
- Security = [],
+ Security = default_security_object(),
SecurityPtr = nil;
SecurityPtr ->
{ok, Security} = couch_file:pread_term(Fd, SecurityPtr)
@@ -1437,3 +1437,12 @@ make_doc_summary(#db{compression = Comp}, {Body0, Atts0}) ->
end,
SummaryBin = ?term_to_bin({Body, Atts}),
couch_file:assemble_file_chunk(SummaryBin, couch_crypto:hash(md5, SummaryBin)).
+
+default_security_object() ->
+ case config:get_boolean("couchdb", "secure", false) of
+ true ->
+ [{<<"members">>,{[{<<"roles">>,[<<"_admin">>]}]}},
+ {<<"admins">>,{[{<<"roles">>,[<<"_admin">>]}]}}];
+ false ->
+ []
+ end.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment