On Sat, Sep 12, 2009 at 7:47 AM, Debasish Ghosh <[email protected]> wrote: > Hi - > > The validation function validate_doc_update takes 3 parameters, newdoc, > olddoc and userContext. I am trying to get my head into how the > authentication and authorization stuff is related to this. The CouchDB book > has the following code snippet in 7.2.4 Authorship section .. > function(newDoc, oldDoc, userCtx) { > if (newDoc.author) { > enforce(newDoc.author == userCtx.author, > "You may only update documents with author " + userCtx.author); > } > } > > In my linux environment, when I run CouchDB validation functions with a > user-id and password setup in local.ini under [admins], I get the following > as the contents of the third parameter of the validation function :- > > {"db" : "test", "name" : null, "roles" : []} > > In the above snippet from the book there appears to be a field > userCtx.author. Just wondering how to get it here and why I am not seeing it > in my output. >
heh, thanks for the catch.. It should read: enforce(newDoc.author == userCtx.name > Also any pointer on the security, authentication and authorization part will > be appreciated. > I'm not sure, but you should be getting more when you are properly logged in -- this is worth investigating more. What do you get for this?: $ curl http://jchris:mysecretpassw...@localhost:5984/_session {"ok":true,"name":"jchris","roles":["_admin"]} > Thanks in advance .. > - Debasish > -- Chris Anderson http://jchrisa.net http://couch.io
