From dbd4059a11e89e23c2162df797b5e4967da5e462 Mon Sep 17 00:00:00 2001 From: benoitc Date: Mon, 13 Jul 2015 11:36:00 +0200 Subject: [PATCH 1/2] don't enforce roles types --- include/couch_js_functions.hrl | 6 ------ 1 file changed, 6 deletions(-) diff --git a/include/couch_js_functions.hrl b/include/couch_js_functions.hrl index a48feae..8c1b5ec 100644 --- a/include/couch_js_functions.hrl +++ b/include/couch_js_functions.hrl @@ -39,12 +39,6 @@ throw({forbidden: 'doc.roles must be an array'}); } - for (var idx = 0; idx < newDoc.roles.length; idx++) { - if (typeof newDoc.roles[idx] !== 'string') { - throw({forbidden: 'doc.roles can only contain strings'}); - } - } - if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) { throw({ forbidden: 'Doc ID must be of the form org.couchdb.user:name' From a5f48e4cc6f4704a96b040f5ec9c560fe656c894 Mon Sep 17 00:00:00 2001 From: benoitc Date: Mon, 13 Jul 2015 11:44:50 +0200 Subject: [PATCH 2/2] fix roles validation in security doc --- src/couch_db.erl | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/couch_db.erl b/src/couch_db.erl index e845fc1..4fedc7e 100644 --- a/src/couch_db.erl +++ b/src/couch_db.erl @@ -397,10 +397,8 @@ validate_names_and_roles({Props}) when is_list(Props) -> _ -> throw("names must be a JSON list of strings") end, case couch_util:get_value(<<"roles">>,Props,[]) of - Rs when is_list(Rs) -> - [throw("roles must be a JSON list of strings") ||R <- Rs, not is_binary(R)], - Rs; - _ -> throw("roles must be a JSON list of strings") + Rs when is_list(Rs) -> Rs; + _ -> throw("roles must be a JSON list.") end, ok.