Forbid the deletion of stack indexes/views (#2966)

nono · web-flow · commit 7b6cd922be11 · 2021-03-29T10:38:53.000+02:00
The stack needs a few CouchDB design docs for its own indexes and views.
The front applications will no longer be able to delete them with the
DELETE /data/:doctype/_design/:ddoc route.
diff --git a/pkg/couchdb/index.go b/pkg/couchdb/index.go
@@ -334,3 +334,19 @@ func InitGlobalDB() error {
 	DefineViews(g, GlobalDB, globalViews)
 	return g.Wait()
 }
+
+// CheckDesignDocCanBeDeleted will return false for an index or view used by
+// the stack.
+func CheckDesignDocCanBeDeleted(doctype, name string) bool {
+	for _, index := range Indexes {
+		if doctype == index.Doctype && name == index.Request.DDoc {
+			return false
+		}
+	}
+	for _, view := range Views {
+		if doctype == view.Doctype && name == view.Name {
+			return false
+		}
+	}
+	return true
+}
diff --git a/web/data/data.go b/web/data/data.go
@@ -456,6 +456,11 @@ func deleteDesignDoc(c echo.Context) error {
 			"error": "You must pass a rev param",
 		})
 	}
+	if !couchdb.CheckDesignDocCanBeDeleted(doctype, ddoc) {
+		return c.JSON(http.StatusForbidden, echo.Map{
+			"error": "This design doc cannot be deleted",
+		})
+	}
 	return proxy(c, "_design/"+ddoc)
 }
 
diff --git a/web/data/data_test.go b/web/data/data_test.go
@@ -1068,6 +1068,45 @@ func TestDeleteDesignDoc(t *testing.T) {
 	assert.Less(t, len(rows), nDesignDocs)
 }
 
+func TestCannotDeleteStackDesignDoc(t *testing.T) {
+	url := ts.URL + "/data/io.cozy.files/_design_docs"
+	req, _ := http.NewRequest("GET", url, nil)
+	req.Header.Add("Authorization", "Bearer "+token)
+	req.Header.Set("Content-Type", "application/json")
+	out, res, err := doRequest(req, nil)
+	assert.NoError(t, err)
+	assert.Equal(t, 200, res.StatusCode)
+	rows := out["rows"].([]interface{})
+	var indexRev, viewRev string
+	for _, row := range rows {
+		info := row.(map[string]interface{})
+		if info["id"] == "_design/dir-by-path" {
+			value := info["value"].(map[string]interface{})
+			indexRev = value["rev"].(string)
+		}
+		if info["id"] == "_design/by-parent-type-name" {
+			value := info["value"].(map[string]interface{})
+			viewRev = value["rev"].(string)
+		}
+	}
+
+	url = ts.URL + "/data/io.cozy.files/_design/dir-by-path?rev=" + indexRev
+	req, _ = http.NewRequest("DELETE", url, nil)
+	req.Header.Add("Authorization", "Bearer "+token)
+	req.Header.Set("Content-Type", "application/json")
+	_, res, err = doRequest(req, nil)
+	assert.NoError(t, err)
+	assert.Equal(t, 403, res.StatusCode)
+
+	url = ts.URL + "/data/io.cozy.files/_design/by-parent-type-name?rev=" + viewRev
+	req, _ = http.NewRequest("DELETE", url, nil)
+	req.Header.Add("Authorization", "Bearer "+token)
+	req.Header.Set("Content-Type", "application/json")
+	_, res, err = doRequest(req, nil)
+	assert.NoError(t, err)
+	assert.Equal(t, 403, res.StatusCode)
+}
+
 func TestCopyDesignDoc(t *testing.T) {
 	srcDdoc := "indextocopy"
 	targetID := "_design/indexcopied"

Original file line number	Diff line number	Diff line change
`@@ -456,6 +456,11 @@ func deleteDesignDoc(c echo.Context) error {`
`456`	`456`	`"error": "You must pass a rev param",`
`457`	`457`	`})`
`458`	`458`	`}`
	`459`	`+ if !couchdb.CheckDesignDocCanBeDeleted(doctype, ddoc) {`
	`460`	`+ return c.JSON(http.StatusForbidden, echo.Map{`
	`461`	`+ "error": "This design doc cannot be deleted",`
	`462`	`+ })`
	`463`	`+ }`
`459`	`464`	`return proxy(c, "_design/"+ddoc)`
`460`	`465`	`}`
`461`	`466`