Author: jchris
Date: Tue Jul 13 14:46:38 2010
New Revision: 963742

URL: http://svn.apache.org/viewvc?rev=963742&view=rev
Log:
backport r963723 (ability to delete user docs) from trunk

Modified:
    couchdb/branches/0.11.x/share/www/script/test/users_db.js
    couchdb/branches/0.11.x/src/couchdb/couch_httpd_auth.erl

Modified: couchdb/branches/0.11.x/share/www/script/test/users_db.js
URL: 
http://svn.apache.org/viewvc/couchdb/branches/0.11.x/share/www/script/test/users_db.js?rev=963742&r1=963741&r2=963742&view=diff
==============================================================================
--- couchdb/branches/0.11.x/share/www/script/test/users_db.js (original)
+++ couchdb/branches/0.11.x/share/www/script/test/users_db.js Tue Jul 13 
14:46:38 2010
@@ -85,7 +85,11 @@ couchTests.users_db = function(debug) {
       T(e.error == "unauthorized")
       T(/conflict/.test(e.reason))
     }
-
+    // you can delete a user doc
+    s = CouchDB.session().userCtx;
+    T(s.name == null);
+    T(s.roles.indexOf("_admin") !== -1);
+    T(usersDb.deleteDoc(jchrisWithConflict).ok);
   };
   
   run_on_modified_server(
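Review bot: The added test exercises only the admin path: it asserts `s.roles.indexOf("_admin") !== -1` immediately before `usersDb.deleteDoc(jchrisWithConflict)`, so neither the "matching users" branch nor the `forbidden` branch of the validation function is covered. Since this change is about who may delete a user doc, I would add two cases run under a non-admin session: one deleting the user's own doc and expecting `.ok`, and one deleting another user's doc inside a `try`/`catch` that asserts `T(e.error == "forbidden")`. A comment such as `// admin party: deletion is allowed because of the _admin role, not the name match` above the existing assertions would also make the intent clear. The enclosing test function starts before this hunk, so an existing non-admin case elsewhere in the file cannot be ruled out from here.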

Modified: couchdb/branches/0.11.x/src/couchdb/couch_httpd_auth.erl
URL: 
http://svn.apache.org/viewvc/couchdb/branches/0.11.x/src/couchdb/couch_httpd_auth.erl?rev=963742&r1=963741&r2=963742&view=diff
==============================================================================
--- couchdb/branches/0.11.x/src/couchdb/couch_httpd_auth.erl (original)
+++ couchdb/branches/0.11.x/src/couchdb/couch_httpd_auth.erl Tue Jul 13 
14:46:38 2010
@@ -237,18 +237,21 @@ auth_design_doc(DocId) ->
         {
             <<"validate_doc_update">>,
             <<"function(newDoc, oldDoc, userCtx) {
-                if ((oldDoc || newDoc).type != 'user') {
-                    throw({forbidden : 'doc.type must be user'});
-                } // we only validate user docs for now
                 if (newDoc._deleted === true) {
-                    // allow deletes by admins and matching users 
+                    // allow deletes by admins and matching users
                     // without checking the other fields
-                    if ((userCtx.roles.indexOf('_admin') != -1) || 
(userCtx.name == oldDoc.name)) {
+                    if ((userCtx.roles.indexOf('_admin') !== -1) ||
+                        (userCtx.name == oldDoc.name)) {
                         return;
                     } else {
-                        throw({forbidden : 'Only admins may delete other user 
docs.'});
+                        throw({forbidden: 'Only admins may delete other user 
docs.'});
                     }
                 }
+
+                if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 
'user') {
+                    throw({forbidden : 'doc.type must be user'});
+                } // we only allow user docs for now
+
                 if (!newDoc.name) {
                     throw({forbidden : 'doc.name is required'});
                 }
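Review bot: The delete branch compares `userCtx.name == oldDoc.name` with loose equality and without checking that `oldDoc` exists, and because the `doc.type` check now runs after this branch, that comparison is the only gate for non-admin deletes. Under `==` a null `userCtx.name` equals an undefined `oldDoc.name`, so a request carrying no user name would pass for any stored document that lacks a `name` field. A `_deleted` write with no previous revision would also raise a TypeError on `oldDoc.name` rather than a clean `forbidden` error; the new type check's `oldDoc &&` guard shows `oldDoc` can be empty. I would tighten the second operand to `(oldDoc && userCtx.name && userCtx.name === oldDoc.name)`. The function body continues past the end of this hunk, but the `return` in this branch skips whatever checks follow.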

