Author: jchris Date: Tue Jul 13 14:46:38 2010 New Revision: 963742 URL: http://svn.apache.org/viewvc?rev=963742&view=rev Log: backport r963723 (ability to delete user docs) from trunk
Modified: couchdb/branches/0.11.x/share/www/script/test/users_db.js couchdb/branches/0.11.x/src/couchdb/couch_httpd_auth.erl
Modified: couchdb/branches/0.11.x/share/www/script/test/users_db.js
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/share/www/script/test/users_db.js?rev=963742&r1=963741&r2=963742&view=diff
==============================================================================
--- couchdb/branches/0.11.x/share/www/script/test/users_db.js (original)
+++ couchdb/branches/0.11.x/share/www/script/test/users_db.js Tue Jul 13 14:46:38 2010
@@ -85,7 +85,11 @@ couchTests.users_db = function(debug) {
 T(e.error == "unauthorized")
 T(/conflict/.test(e.reason))
 }
-
+ // you can delete a user doc
+ s = CouchDB.session().userCtx;
+ T(s.name == null);
+ T(s.roles.indexOf("_admin") !== -1);
+ T(usersDb.deleteDoc(jchrisWithConflict).ok);
 };
 run_on_modified_server(
Modified: couchdb/branches/0.11.x/src/couchdb/couch_httpd_auth.erl
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/src/couchdb/couch_httpd_auth.erl?rev=963742&r1=963741&r2=963742&view=diff
==============================================================================
--- couchdb/branches/0.11.x/src/couchdb/couch_httpd_auth.erl (original)
+++ couchdb/branches/0.11.x/src/couchdb/couch_httpd_auth.erl Tue Jul 13 14:46:38 2010
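Review bot: The new assertions in users_db.js exercise only the admin path of the delete rule, since the session they check has `name == null` and the `_admin` role. The other two outcomes of the rule changed in couch_httpd_auth.erl are left untested: a non-admin deleting their own document, and a non-admin being refused with `Only admins may delete other user docs.` when deleting someone else's. Adding both cases next to `T(usersDb.deleteDoc(jchrisWithConflict).ok);` would pin the authorization behaviour, and a comment such as `// admin party: deletion succeeds because of the _admin role` would make the intent of the two session checks clear. The enclosing couchTests.users_db function starts before the hunk.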
@@ -237,18 +237,21 @@ auth_design_doc(DocId) ->
 {
 <<"validate_doc_update">>,
 <<"function(newDoc, oldDoc, userCtx) {
- if ((oldDoc || newDoc).type != 'user') {
- throw({forbidden : 'doc.type must be user'});
- } // we only validate user docs for now
 if (newDoc._deleted === true) {
- // allow deletes by admins and matching users
+ // allow deletes by admins and matching users
 // without checking the other fields
- if ((userCtx.roles.indexOf('_admin') != -1) || (userCtx.name == oldDoc.name)) {
+ if ((userCtx.roles.indexOf('_admin') !== -1) ||
+ (userCtx.name == oldDoc.name)) {
 return;
 } else {
- throw({forbidden : 'Only admins may delete other user docs.'});
+ throw({forbidden: 'Only admins may delete other user docs.'});
 }
 }
+
+ if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {
+ throw({forbidden : 'doc.type must be user'});
+ } // we only allow user docs for now
+
 if (!newDoc.name) {
 throw({forbidden : 'doc.name is required'});
 }
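Review bot: In the delete branch, `(userCtx.name == oldDoc.name)` is a loose comparison that now runs before any `type` check, so a stored document without a `name` field matches a context whose name is null (`null == undefined`), and a delete with no `oldDoc` throws a TypeError instead of a `forbidden` error. The test added in this commit shows a session with `name == null`; whether a non-admin context with a null name can reach this function depends on database settings not visible here. Consider `(oldDoc && userCtx.name !== null && userCtx.name === oldDoc.name)` for the second operand. The validate_doc_update function continues past the end of the hunk.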