diff options
| -rw-r--r-- | src/couchdb/couch_js_functions.hrl | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/couchdb/couch_js_functions.hrl b/src/couchdb/couch_js_functions.hrl index 6c2ad8df..0cc49d62 100644 --- a/src/couchdb/couch_js_functions.hrl +++ b/src/couchdb/couch_js_functions.hrl @@ -138,6 +138,8 @@ } var isReplicator = (userCtx.roles.indexOf('_replicator') >= 0); + var isAdmin = (userCtx.roles.indexOf('_admin') >= 0); + if (oldDoc && !newDoc._deleted && !isReplicator) { reportError('Only the replicator can edit replication documents.'); } @@ -178,6 +180,12 @@ } if (newDoc.user_ctx) { + if (!isAdmin) { + reportError('Delegated replications (use of the ' + + '`user_ctx\\' property) can only be triggered by ' + + 'administrators.'); + } + var user_ctx = newDoc.user_ctx; if ((typeof user_ctx !== 'object') || (user_ctx === null)) { |