You could ensure all replications use a userCtx that has a role you don’t grant to any other user. if userCtx.roles contains it, you just "return;"
Conversely, you could give all your users a particular role that you test for. if userCtx.roles contains it, you apply all the auditing checks. B. On 19 Feb 2014, at 10:42, Alexander Shorin <[email protected]> wrote: > On Wed, Feb 19, 2014 at 2:24 PM, Robert Samuel Newson > <[email protected]> wrote: >> validate_doc_update(oldDoc, newDoc, userCtx) { >> >> if (newDoc.audit_trail[0].user != userCtx.name) { >> throw({forbidden: "You didn’t add your name to the audit trail!"}); >> } >> … >> } > > There is one issue with such approach: replications. You will not be > able to replicate documents which has different username in > audit_trail from those one who runs the replication. Or, to be more > detailed, you'll replicate fine all documents till the design document > which brings this validation function to your database and after that > you'll only able to store documents which matches replication's user. > > -- > ,,,^..^,,,
