You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by Apache Wiki <wi...@apache.org> on 2011/07/21 20:22:39 UTC
[Couchdb Wiki] Update of "Document_Update_Validation" by GabrielLesperance
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.
The "Document_Update_Validation" page has been changed by GabrielLesperance:
http://wiki.apache.org/couchdb/Document_Update_Validation?action=diff&rev1=4&rev2=5
= Document Update Validation =
<<TableOfContents()>>
- A design document may define a member function called "validate_doc_update". Requests to create or update a document are validated against every "validate_doc_update" function defined in the database. The validation functions are executed in an unspecified order. A design document can contain only one validation function. Errors are thrown as javascript objects.
+ A design document may define a member function called "validate_doc_update". Requests to create or update a document are validated against every "validate_doc_update" function defined in the database. The validation functions are executed in an unspecified order. A design document can contain only one validation function. Errors are thrown as javascript objects.
Example of a design document that validates the presence of an "address" field and returns :
@@ -16, +16 @@
}"
}
}}}
+ The result of a document update without the address field will look like this:
- The result of a document update without the address field will look like this:
{{{
HTTP/1.1 403 Forbidden
WWW-Authenticate: Basic realm="administrator"
@@ -27, +27 @@
Content-Length: 57
Cache-Control: must-revalidate
- {"error":"forbbiden","reason":"Document must have an address."}
+ {"error":"forbidden","reason":"Document must have an address."}
}}}
+ The "validate_doc_update" function accepts three arguments:
-
- The "validate_doc_update" function accepts three arguments:
1. newDoc - The document to be created or used for update.
1. oldDoc - The current document if document id was specified in the HTTP request
1. userCtx - User context object, which contains three properties:
- a. db - String name of database
+ a. db - String name of database
- a. name - String user name
+ a. name - String user name
- a. roles - Array of roles to which user belongs. Currently only admin role is supported.
+ a. roles - Array of roles to which user belongs. Currently only admin role is supported.
-
== Toolbox ==
Some of these functions are found in http://guide.couchdb.org/draft/validation.html . Use them inside your validate_doc_update functions.
+
{{{
-
function required(field, message /* optional */) {
message = message || "Document must have a " + field;
if (!newDoc[field]) throw({forbidden : message});
@@ -57, +55 @@
function user_is(role) {
return userCtx.roles.indexOf(role) >= 0;
}
-
}}}
-
Here is a validation function I use to manage update Authorization using the roles as an ACL. A user may modify documents for which the accounts listed in his "roles" ACL are a prefix of the account specified.
{{{