You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@couchdb.apache.org by "Jan Lehnardt (Assigned) (JIRA)" <ji...@apache.org> on 2011/10/29 16:37:32 UTC

[jira] [Assigned] (COUCHDB-1316) Error in the validate_doc_update function of the _users db

     [ https://issues.apache.org/jira/browse/COUCHDB-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Lehnardt reassigned COUCHDB-1316:
-------------------------------------

    Assignee: Filipe Manana
    
> Error in the validate_doc_update function of the _users db
> ----------------------------------------------------------
>
>                 Key: COUCHDB-1316
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1316
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Database Core
>    Affects Versions: 1.1
>            Reporter: Daniel Truemper
>            Assignee: Filipe Manana
>            Priority: Trivial
>
> Hi!
> In the validate_doc_update method of the _users database is a small error. On the one hand it seems that the `roles` attribute of the user doc is not required:
>         if (newDoc.roles && !isArray(newDoc.roles)) {
>             throw({forbidden: 'doc.roles must be an array'});
>         }
> On the other hand the function iterates over the roles:
>         // no system roles in users db
>         for (var i = 0; i < newDoc.roles.length; i++) {
>             if (newDoc.roles[i][0] === '_') {
>                 throw({
>                     forbidden:
>                     'No system roles (starting with underscore) in users db.'
>                 });
>             }
>         }
> So, is the roles field required? If so, then throwing a real error would be nice since I only get a stack trace from CouchDB. If it is not required, checking it's presence before iterating over it would be necessary.
> I am kind of lost in all the new Git handling and such. Would it be appropriate to open a Github Pull Request? Or should I add a patch to this issue? Depending on the answer to the roles question I could provide a patch since it is trivial enough for me I guess :)
> Cheers,
> Daniel

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira