On 16 Nov 2010, at 18:40, Robert Newson wrote:

> a validation function will have the current document, the proposed new
> document, and the user context, so it should be simple to enforce
> these conditions.

In code:

  function(newDoc, oldDoc, userCtx) {
    if(userCtx.roles.indexOf("_admin") == -1) { // not an admin
      // oldDoc is null when the document is being created
      if(oldDoc && newDoc.field > oldDoc.field) { // your condition is this
        throw({forbidden : "only an admin may increase field"});
      }
    }
  }

Cheers
Jan
-- 


> 
> B.
> 
> On Tue, Nov 16, 2010 at 5:30 PM, Wordit Ltd <[email protected]> wrote:
>> Can anybody think of a way to allow _user to decrease a field value,
>> but not increase it?
>> Increments would only be allowed to _admin. I can only think to
>> compare the new value with the old one and see if it is greater or
>> less.
>> 
>> Would that work in a validation function, and is it secure?
>> 
>> I'm trying to keep as many update actions to the client-side. If I let
>> admin do all the updates then I have to use an Ajax call to the
>> server.
>> 
>> Marcus
>> 
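
Added example, not part of the original thread: a stricter variant of the validation function above, with a small stand-in for the way CouchDB calls it. A bare `>` comparison lets a non-admin write a non-numeric value, because any comparison involving NaN is false; this version checks the type first. The name `field` is the thread's placeholder, `validate` and `check` are hypothetical names, and refusing non-admin creation is an assumed policy. In a design document the function body would be stored under `validate_doc_update`.

```javascript
// Added example: hardened "decrease only" rule for non-admin users.
function validate(newDoc, oldDoc, userCtx) {
  if (userCtx.roles.indexOf("_admin") !== -1) {
    return; // admins may move the value in either direction
  }
  // Reject strings, NaN, missing fields and deletion stubs up front, so the
  // numeric comparison below cannot be sidestepped by type coercion.
  if (typeof newDoc.field !== "number" || !isFinite(newDoc.field)) {
    throw({forbidden: "field must be a finite number"});
  }
  // oldDoc is null on creation. Assumed policy: only an admin sets the
  // starting value, otherwise a user could create a document at any value.
  if (oldDoc === null || typeof oldDoc.field !== "number") {
    throw({forbidden: "only an admin may set the initial value of field"});
  }
  if (newDoc.field > oldDoc.field) {
    throw({forbidden: "only an admin may increase field"});
  }
}

// Stand-in for the server: returns null when the write is accepted,
// otherwise the rejection reason.
function check(newDoc, oldDoc, roles) {
  try {
    validate(newDoc, oldDoc, {name: "sample", roles: roles});
    return null;
  } catch (e) {
    if (e && e.forbidden) return e.forbidden;
    throw e; // anything else is a bug in the validation function itself
  }
}

// Constructed sample writes: [description, newDoc, oldDoc, roles]
const samples = [
  ["user decreases", {field: 3}, {field: 5}, []],
  ["user increases", {field: 7}, {field: 5}, []],
  ["admin increases", {field: 7}, {field: 5}, ["_admin"]],
  ["user sends a string", {field: "abc"}, {field: 5}, []],
  ["user creates a document", {field: 9}, null, []],
  ["user deletes", {_deleted: true}, {field: 5}, []]
];
for (const [what, newDoc, oldDoc, roles] of samples) {
  console.log(what + ": " + (check(newDoc, oldDoc, roles) || "accepted"));
}
```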
