couchdb-user mailing list archives

From Jan Lehnardt <...@apache.org>
Subject Re: Allowing specific field value updates only
Date Tue, 16 Nov 2010 21:01:17 GMT

On 16 Nov 2010, at 18:40, Robert Newson wrote:

> a validation function will have the current document, the proposed new
> document, and the user context, so it should be simple to enforce
> these conditions.

In code:

  function(newDoc, oldDoc, userCtx) {
    if(userCtx.roles.indexOf("_admin") == -1) { // not an admin
      if(newDoc.field > oldDoc.field) { // your condition is this
        // reject the write; CouchDB returns this text to the client
        throw({forbidden : "only admins may increase field"});
      }
    }
  }

Cheers
Jan
-- 


> 
> B.
> 
> On Tue, Nov 16, 2010 at 5:30 PM, Wordit Ltd <wordituk@googlemail.com> wrote:
>> Can anybody think of a way to allow _user to decrease a field value,
>> but not increase it?
>> Increments would only be allowed to _admin. I can only think to
>> compare the new value with the old one and see if it is greater or
>> less.
>> 
>> Would that work in a validation function, and is it secure?
>> 
>> I'm trying to keep as many update actions to the client-side. If I let
>> admin do all the updates then I have to use an Ajax call to the
>> server.
>> 
>> Marcus
>> 
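
A stricter version of the validation function discussed in this thread, as an added example that is not part of the original messages. The names `validate` and `check`, the rejection messages, and the policy that only admins may create or delete the document are assumptions; in a design document the function body would be stored under `validate_doc_update`.

```javascript
// Added example: decrease-only rule for the thread's placeholder "field".
function validate(newDoc, oldDoc, userCtx) {
  // Admins may make any change.
  if (userCtx.roles.indexOf("_admin") !== -1) return;

  // Assumed policy: deletion is admin-only, so the value cannot be
  // reset by deleting and recreating the document.
  if (newDoc._deleted) {
    throw({forbidden: "only admins may delete this document"});
  }

  // Require a finite number. With a string or a missing value the ">"
  // comparison below is false, so a non-numeric write would be accepted.
  if (typeof newDoc.field !== "number" || !isFinite(newDoc.field)) {
    throw({forbidden: "field must be a number"});
  }

  // No previous numeric value (oldDoc is null on creation, or the stored
  // value is not a number): there is nothing valid to compare against.
  if (!oldDoc || typeof oldDoc.field !== "number") {
    throw({forbidden: "only admins may set the initial value"});
  }

  if (newDoc.field > oldDoc.field) {
    throw({forbidden: "only admins may increase field"});
  }
}

// Helper for exercising the function outside CouchDB: returns the
// rejection message, or null when the write would be accepted.
function check(newDoc, oldDoc, roles) {
  try {
    validate(newDoc, oldDoc, {name: "constructed-user", roles: roles});
    return null;
  } catch (e) {
    return e.forbidden;
  }
}
```
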

