> On Jun 3, 2015, at 8:53 AM, Florion COIFFÉ <[email protected]> wrote: > > Calling requireUser("snej") doesn't take the change into account if the user > making that change isn't "snej" right ?
Yes, it will reject the update with a 403 Forbidden status. > But how does requireUser function know which user is making that change ? > There must be somewhere "snej" === someUser. Where does this someUser come > from ? >From the Gateway’s REST API. Every request is authenticated, so the gateway >knows which user is making the change. The storage code that invokes the sync >function is passed the request context so it knows the user. —Jens -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/B8AC63C8-BB6F-48C8-8604-A1EF676CE750%40couchbase.com. For more options, visit https://groups.google.com/d/optout.
