Merge pull request #59 from Kashoo/issue-22-23-allow-admin-api

Issues #22 & #23: Allow admin API to create documents with no authorization methods
OldSneerJaw · Nov 30, 2016 · cc31beb · cc31beb
2 parents b398aaa + b23e42f
commit cc31beb
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 7 deletions.
diff --git a/etc/sync-function-template.js b/etc/sync-function-template.js
@@ -169,14 +169,15 @@ function synctos(doc, oldDoc) {
       }
     }
 
-    var authorizationFailedMessage = 'missing channel access';
     if (!authorizedChannels && !authorizedRoles && !authorizedUsers) {
       // The document type does not define any channels, roles or users that apply to this particular write operation type, so fall back to
-      // Sync Gateway's default behaviour for an empty channel list (i.e. 403 Forbidden)
-      throw({ forbidden: authorizationFailedMessage });
+      // Sync Gateway's default behaviour for an empty channel list: 403 Forbidden for requests via the public API and either 200 OK or 201
+      // Created for requests via the admin API. That way, the admin API will always be able to create, replace or remove documents,
+      // regardless of their authorized channels, roles or users, as intended.
+      requireAccess([ ]);
     } else if (!channelMatch && !roleMatch && !userMatch) {
       // None of the authorization methods (e.g. channels, roles, users) succeeded
-      throw({ forbidden: authorizationFailedMessage });
+      throw({ forbidden: 'missing channel access' });
     }
   }
 

diff --git a/etc/test-helper.js b/etc/test-helper.js
@@ -189,8 +189,6 @@ function verifyAuthorization(expectedAuthorization) {
     if (expectedAuthorization.expectedChannels) {
       expectedOperationChannels = expectedAuthorization.expectedChannels;
       verifyRequireAccess(expectedAuthorization.expectedChannels);
-    } else {
-      expect(requireAccess.callCount).to.be(0);
     }
 
     if (expectedAuthorization.expectedRoles) {
@@ -204,6 +202,10 @@ function verifyAuthorization(expectedAuthorization) {
     } else {
       expect(requireUser.callCount).to.be(0);
     }
+
+    if (!(expectedAuthorization.expectedChannels) && !(expectedAuthorization.expectedRoles) && !(expectedAuthorization.expectedUsers)) {
+      verifyRequireAccess([ ]);
+    }
   }
 
   return expectedOperationChannels;
@@ -314,7 +316,7 @@ function verifyAccessDenied(doc, oldDoc, expectedAuthorization) {
     if (typeof(expectedAuthorization) === 'string' || expectedAuthorization instanceof Array) {
       expect(ex).to.eql(channelAccessDenied);
     } else if (countAuthorizationTypes(expectedAuthorization) === 0) {
-      expect(ex.forbidden).to.equal(generalAuthFailedMessage);
+      verifyRequireAccess([ ]);
     } else if (countAuthorizationTypes(expectedAuthorization) > 1) {
       expect(ex.forbidden).to.equal(generalAuthFailedMessage);
     } else if (expectedAuthorization.expectedChannels) {