[jira] [Commented] (COUCHDB-1316) Error in the validate_doc_update function of the _users db

Sat, 29 Oct 2011 07:37:54 -0700 

    [ 
https://issues.apache.org/jira/browse/COUCHDB-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13139320#comment-13139320
 ] 

Jan Lehnardt commented on COUCHDB-1316:
---------------------------------------

Good catch, 
http://git-wip-us.apache.org/repos/asf/couchdb/repo?p=couchdb.git;a=commit;h=b25cb7456e52dbce94d30da9b0c6f810cccf5a60
 fixes the validation function and a sets a default for couch_util:get_value() 
in the auth cache to [] (instead of the undefined atom).

I'd appreciate a review from Filipe here :)
                
> Error in the validate_doc_update function of the _users db
> ----------------------------------------------------------
>
>                 Key: COUCHDB-1316
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1316
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Database Core
>    Affects Versions: 1.1
>            Reporter: Daniel Truemper
>            Priority: Trivial
>
> Hi!
> In the validate_doc_update method of the _users database is a small error. On 
> the one hand it seems that the `roles` attribute of the user doc is not 
> required:
>         if (newDoc.roles && !isArray(newDoc.roles)) {
>             throw({forbidden: 'doc.roles must be an array'});
>         }
> On the other hand the function iterates over the roles:
>         // no system roles in users db
>         for (var i = 0; i < newDoc.roles.length; i++) {
>             if (newDoc.roles[i][0] === '_') {
>                 throw({
>                     forbidden:
>                     'No system roles (starting with underscore) in users db.'
>                 });
>             }
>         }
> So, is the roles field required? If so, then throwing a real error would be 
> nice since I only get a stack trace from CouchDB. If it is not required, 
> checking it's presence before iterating over it would be necessary.
> I am kind of lost in all the new Git handling and such. Would it be 
> appropriate to open a Github Pull Request? Or should I add a patch to this 
> issue? Depending on the answer to the roles question I could provide a patch 
> since it is trivial enough for me I guess :)
> Cheers,
> Daniel

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to