couchdb-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "Document_Update_Validation" by StephaneAlnet
Date Tue, 08 Mar 2011 13:30:31 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Document_Update_Validation" page has been changed by StephaneAlnet.
The comment on this change is: Added some toolbox examples for the validation function..
http://wiki.apache.org/couchdb/Document_Update_Validation?action=diff&rev1=2&rev2=3

--------------------------------------------------

     a. name - String user name
     a. roles - Array of roles to which user belongs. Currently only admin role is supported.
  
+ 
+ == Toolbox ==
+ Some of these functions are found in http://guide.couchdb.org/draft/validation.html . Use
them inside your validate_doc_update functions.
+ {{{
+ 
+   function required(field, message /* optional */) {
+     message = message || "Document must have a " + field;
+     if (!newDoc[field]) throw({forbidden : message});
+   }
+ 
+   function unchanged(field) {
+     if (oldDoc && toJSON(oldDoc[field]) != toJSON(newDoc[field]))
+       throw({forbidden : "Field can't be changed: " + field});
+   }
+ 
+   function user_is(role) {
+     return userCtx.roles.indexOf(role) >= 0;
+   }
+ 
+ }}}
+ 
+ Here is a validation function I use to manage update Authorization using the roles as an
ACL. A user may modify documents for which the accounts listed in his "roles" ACL are a prefix
of the account specified.
+ 
+ {{{
+   function user_match(account,message /* optional */) {
+     for (var i in userCtx.roles) {
+       var prefix = userCtx.roles[i];
+       /* prefix-matching: "roles" will contain strings like "account:0003546" -- or define
your own matching rules */
+       if( ("account:"+account).substring(0,prefix.length) === prefix ) return;
+     }
+     throw({forbidden : message||"No access to this account"});
+   }
+ 
+   /* Usage */
+   if(oldDoc) {
+     unchanged("account");
+     user_match(newDoc.account,"You are not authorized to modify this document");
+   } else {
+     user_match(newDoc.account,"You are not authorized to create this document");
+   }
+ }}}
+ 
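Review bot: In `user_match` the prefix test accepts any role string that is a leading fragment of `"account:" + account`, not only account roles, so an empty role or one shorter than the `account:` namespace would authorize the write. The loop body should first skip such roles, e.g. `if (prefix.indexOf("account:") !== 0) continue;`. The concatenation also string-coerces `account`, so a missing or non-string `newDoc.account` is still compared (as `"account:undefined"`, or as a joined array); a guard such as `if (typeof account !== "string") throw({forbidden : "account must be a string"});` before the loop would reject those documents. `for (var i in userCtx.roles)` also visits inherited enumerable properties, so an indexed `for` loop is the safer way to walk the roles array. Separately, `required` tests `!newDoc[field]` and therefore rejects legitimate falsy values such as `0` or `false`.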
