diff options
author | John Christopher Anderson <jchris@apache.org> | 2010-01-09 19:05:31 +0000 |
---|---|---|
committer | John Christopher Anderson <jchris@apache.org> | 2010-01-09 19:05:31 +0000 |
commit | a4d7386889ac73a69592a9c4b4e26f6c44b8e46f (patch) | |
tree | 6f60b7bf2b418c6c94729f7c2dfd7c9dc92081c3 /share/www/script/test/cookie_auth.js | |
parent | 9c3377b041f07be4bef472c0cd19cfe6e97f194d (diff) |
better validations on users db
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@897521 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'share/www/script/test/cookie_auth.js')
-rw-r--r-- | share/www/script/test/cookie_auth.js | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/share/www/script/test/cookie_auth.js b/share/www/script/test/cookie_auth.js index 9eadfee0..125a6dcb 100644 --- a/share/www/script/test/cookie_auth.js +++ b/share/www/script/test/cookie_auth.js @@ -99,14 +99,6 @@ couchTests.cookie_auth = function(debug) { T(e.error == "forbidden"); T(usersDb.last_req.status == 403); } - - try { - usersDb.save(underscoreUserDoc) - T(false && "Can't create underscore user names. Should have thrown an error."); - } catch (e) { - T(e.error == "forbidden"); - T(usersDb.last_req.status == 403); - } // login works T(CouchDB.login('Jason Davies', password).ok); @@ -115,6 +107,15 @@ couchTests.cookie_auth = function(debug) { // update one's own credentials document jasonUserDoc.foo=2; T(usersDb.save(jasonUserDoc).ok); + T(CouchDB.session().roles.indexOf("_admin") == -1); + // can't delete another users doc unless you are admin + try { + usersDb.deleteDoc(jchrisUserDoc); + T(false && "Can't delete other users docs. Should have thrown an error."); + } catch (e) { + T(e.error == "forbidden"); + T(usersDb.last_req.status == 403); + } // TODO should login() throw an exception here? T(!CouchDB.login('Jason Davies', "2.71828").ok); |