Diffstat (limited to 'src/fauxton/_ddoc/validate_doc_update.js')
-rw-r--r--src/fauxton/_ddoc/validate_doc_update.js39
1 files changed, 39 insertions, 0 deletions
diff --git a/src/fauxton/_ddoc/validate_doc_update.js b/src/fauxton/_ddoc/validate_doc_update.js
new file mode 100644
index 000000000..0d089d32e
--- /dev/null
+++ b/src/fauxton/_ddoc/validate_doc_update.js
@@ -0,0 +1,39 @@
+/**
+ * This function as it is only allows logged in users, or admins to create,update or delete documents
+ * @param newDoc
+ * @param oldDoc
+ * @param userCtx
+ * @param secObj
+ */
+
+function validate (newDoc, oldDoc, userCtx, secObj) {
+ var ddoc = this;
+
+ secObj.admins = secObj.admins || {};
+ secObj.admins.names = secObj.admins.names || [];
+ secObj.admins.roles = secObj.admins.roles || [];
+
+ var IS_DB_ADMIN = false;
+ if(~ userCtx.roles.indexOf('_admin')) {
+ IS_DB_ADMIN = true;
+ }
+ if(~ secObj.admins.names.indexOf(userCtx.name)) {
+ IS_DB_ADMIN = true;
+ }
+ for(var i = 0; i < userCtx.roles; i++) {
+ if(~ secObj.admins.roles.indexOf(userCtx.roles[i])) {
+ IS_DB_ADMIN = true;
+ }
+ }
+
+ var IS_LOGGED_IN_USER = false;
+ if (userCtx.name !== null) {
+ IS_LOGGED_IN_USER = true;
+ }
+
+
+ if(IS_DB_ADMIN || IS_LOGGED_IN_USER)
+ log('User : ' + userCtx.name + ' changing document: ' + newDoc._id);
+ else
+ throw {'forbidden':'Only admins and users can alter documents'};
+} \ No newline at end of file
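Review bot: The role loop condition `i < userCtx.roles` compares the counter with the array itself rather than its length, so for ordinary role names the comparison is false on the first pass and a role listed in `secObj.admins.roles` never sets `IS_DB_ADMIN`. It should read `for(var i = 0; i < userCtx.roles.length; i++) {`. The defect is masked today because any non-null `userCtx.name` already passes through `IS_LOGGED_IN_USER`, but it would silently drop role-based admins if the final check were ever tightened to admins only. Separately, `var ddoc = this;` is never used, and the function writes defaults back into the `secObj` it was given; reading into locals instead, e.g. `var admins = secObj.admins || {};`, would leave the argument untouched.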