Dear Wiki user, You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.
The "Document_Update_Validation" page has been changed by StephaneAlnet. The comment on this change is: Added some toolbox examples for the validation function.. http://wiki.apache.org/couchdb/Document_Update_Validation?action=diff&rev1=2&rev2=3 -------------------------------------------------- a. name - String user name a. roles - Array of roles to which user belongs. Currently only admin role is supported. + + == Toolbox == + Some of these functions are found in http://guide.couchdb.org/draft/validation.html . Use them inside your validate_doc_update functions. + {{{ + + function required(field, message /* optional */) { + message = message || "Document must have a " + field; + if (!newDoc[field]) throw({forbidden : message}); + } + + function unchanged(field) { + if (oldDoc && toJSON(oldDoc[field]) != toJSON(newDoc[field])) + throw({forbidden : "Field can't be changed: " + field}); + } + + function user_is(role) { + return userCtx.roles.indexOf(role) >= 0; + } + + }}} + + Here is a validation function I use to manage update Authorization using the roles as an ACL. A user may modify documents for which the accounts listed in his "roles" ACL are a prefix of the account specified. + + {{{ + function user_match(account,message /* optional */) { + for (var i in userCtx.roles) { + var prefix = userCtx.roles[i]; + /* prefix-matching: "roles" will contain strings like "account:0003546" -- or define your own matching rules */ + if( ("account:"+account).substring(0,prefix.length) === prefix ) return; + } + throw({forbidden : message||"No access to this account"}); + } + + /* Usage */ + if(oldDoc) { + unchanged("account"); + user_match(newDoc.account,"You are not authorized to modify this document"); + } else { + user_match(newDoc.account,"You are not authorized to create this document"); + } + }}} +
