-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathvalidate_doc_update.js
More file actions
65 lines (56 loc) · 1.44 KB
/
validate_doc_update.js
File metadata and controls
65 lines (56 loc) · 1.44 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
function (newDoc, oldDoc, userCtx) {
function forbidden(message) {
throw({forbidden : message});
};
function unauthorized(message) {
throw({unauthorized : message});
};
function require(field, message) {
message = message || "Document must have a " + field;
if (!newDoc[field]) forbidden(message);
};
function unchanged(field) {
require(field);
if (oldDoc && toJSON(oldDoc[field]) != toJSON(newDoc[field]))
throw({forbidden : "Field can't be changed: " + field});
}
var username = userCtx.name;
if(!username || typeof username != "string" || username.length<1){
unauthorized("Must be logged on");
}
if (newDoc.author) {
if(newDoc.author != username){
unauthorized("You may only update documents with author " + username);
}
}
unchanged("type");
var type = newDoc.type;
switch(type){
case "post":
unchanged("created_at");
unchanged("author");
require("title");
require("url");
break;
case "comment":
unchanged("created_at");
unchanged("author");
unchanged("post_id");
unchanged("path");
require("text");
break;
case "vote":
require("rating");
if(newDoc._id.substring(32) != username){
unauthorized("You may only vote with " + username);
}
break;
case "vote_comment":
require("rating");
unchanged("post_id");
if(newDoc._id.substring(32) != username){
unauthorized("You may only vote with " + username);
}
break;
}
}