Author: fdmanana Date: Sun Nov 21 14:04:47 2010 New Revision: 1037449 URL: http://svn.apache.org/viewvc?rev=1037449&view=rev Log: Merged revision 1037448 from trunk:
Proper verification of the roles property of a user document. Closes COUCHDB-790. Thanks Gabriel Farrell. Modified: couchdb/branches/1.0.x/share/server/loop.js couchdb/branches/1.0.x/share/server/util.js couchdb/branches/1.0.x/share/www/script/test/users_db.js couchdb/branches/1.0.x/src/couchdb/couch_js_functions.hrl Modified: couchdb/branches/1.0.x/share/server/loop.js URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/share/server/loop.js?rev=1037449&r1=1037448&r2=1037449&view=diff ==============================================================================
--- couchdb/branches/1.0.x/share/server/loop.js (original)
+++ couchdb/branches/1.0.x/share/server/loop.js Sun Nov 21 14:04:47 2010
@@ -26,6 +26,7 @@ function init_sandbox() {
 sandbox.start = Render.start;
 sandbox.send = Render.send;
 sandbox.getRow = Render.getRow;
+ sandbox.isArray = isArray;
 } catch (e) {
 log(e.toSource());
 }
Modified: couchdb/branches/1.0.x/share/server/util.js URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/share/server/util.js?rev=1037449&r1=1037448&r2=1037449&view=diff ==============================================================================
--- couchdb/branches/1.0.x/share/server/util.js (original)
+++ couchdb/branches/1.0.x/share/server/util.js Sun Nov 21 14:04:47 2010
@@ -124,3 +124,7 @@ function log(message) {
 }
 respond(["log", String(message)]);
 };
+
+function isArray(obj) {
+ return toString.call(obj) === "[object Array]";
+}
Modified: couchdb/branches/1.0.x/share/www/script/test/users_db.js URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/share/www/script/test/users_db.js?rev=1037449&r1=1037448&r2=1037449&view=diff ==============================================================================
--- couchdb/branches/1.0.x/share/www/script/test/users_db.js (original)
+++ couchdb/branches/1.0.x/share/www/script/test/users_db.js Sun Nov 21 14:04:47 2010
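Review bot: In the util.js hunk, `isArray` calls a bare `toString`, which only reaches the intended method through the global object's prototype chain and would change meaning if anything in scope defines its own `toString`. Naming the method directly, `return Object.prototype.toString.call(obj) === "[object Array]";`, removes that dependency. Because the loop.js hunk copies this helper into the sandbox and the user-document validation in couch_js_functions.hrl now relies on it, a one-line comment such as `// used by the _users validation function; must not depend on sandbox-visible names` would tell maintainers why it needs to stay self-contained.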
@@ -90,6 +90,27 @@ couchTests.users_db = function(debug) { T(s.name == null); T(s.roles.indexOf("_admin") !== -1); T(usersDb.deleteDoc(jchrisWithConflict).ok); + + // you can't change doc from type "user" + jchrisUserDoc = usersDb.open(jchrisUserDoc._id); + jchrisUserDoc.type = "not user"; + try { + usersDb.save(jchrisUserDoc); + T(false && "should only allow us to save doc when type == 'user'"); + } catch(e) { + T(e.reason == "doc.type must be user"); + } + jchrisUserDoc.type = "user"; + + // "roles" must be an array + jchrisUserDoc.roles = "not an array"; + try { + usersDb.save(jchrisUserDoc); + T(false && "should only allow us to save doc when roles is an array"); + } catch(e) { + T(e.reason == "doc.roles must be an array"); + } + jchrisUserDoc.roles = []; }; usersDb.deleteDb(); @@ -100,4 +121,4 @@ couchTests.users_db = function(debug) { ); usersDb.deleteDb(); // cleanup -} \ No newline at end of file +} Modified: couchdb/branches/1.0.x/src/couchdb/couch_js_functions.hrl URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_js_functions.hrl?rev=1037449&r1=1037448&r2=1037449&view=diff ============================================================================== --- couchdb/branches/1.0.x/src/couchdb/couch_js_functions.hrl (original) +++ couchdb/branches/1.0.x/src/couchdb/couch_js_functions.hrl Sun Nov 21 14:04:47 2010 @@ -31,7 +31,7 @@ throw({forbidden: 'doc.name is required'}); } - if (!(newDoc.roles && (typeof newDoc.roles.length !== 'undefined'))) { + if (newDoc.roles && !isArray(newDoc.roles)) { throw({forbidden: 'doc.roles must be an array'}); }
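Review bot: The added roles test in users_db.js only tries a non-empty string, so it does not pin down what happens when `roles` is missing or falsy. Cases such as `jchrisUserDoc.roles = "";` and `delete jchrisUserDoc.roles;` before `usersDb.save(jchrisUserDoc)` would show whether those documents are meant to be accepted or rejected. With the condition introduced in the couch_js_functions.hrl hunk they appear to be accepted, which the test as written would not notice.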
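Review bot: The new condition `newDoc.roles && !isArray(newDoc.roles)` skips the check whenever `roles` is falsy, so a user document with `roles` absent, `null`, `""`, `0` or `false` is no longer rejected, whereas the removed condition threw in those cases. If roles are still meant to be required, `if (!isArray(newDoc.roles)) {` keeps the stricter array test without that bypass; if omitting roles is intended, a comment saying so and an explicit rejection of falsy non-array values would make the contract clear. The hunk also shows no check that each element of the array is a string; the rest of the validation function lies outside the hunk, so that may be handled elsewhere.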