1 files changed, 24 insertions, 12 deletions

diff --git a/src/couchdb/couch_js_functions.hrl b/src/couchdb/couch_js_functions.hrl
index 0cc49d62..d07eead5 100644
--- a/src/couchdb/couch_js_functions.hrl
+++ b/src/couchdb/couch_js_functions.hrl
@@ -140,8 +140,10 @@
         var isReplicator = (userCtx.roles.indexOf('_replicator') >= 0);
         var isAdmin = (userCtx.roles.indexOf('_admin') >= 0);
 
-        if (oldDoc && !newDoc._deleted && !isReplicator) {
-            reportError('Only the replicator can edit replication documents.');
+        if (oldDoc && !newDoc._deleted && !isReplicator &&
+            (oldDoc._replication_state === 'triggered')) {
+            reportError('Only the replicator can edit replication documents ' +
+                'that are in the triggered state.');
         }
 
         if (!newDoc._deleted) {
@@ -180,12 +182,6 @@
             }
 
             if (newDoc.user_ctx) {
-                if (!isAdmin) {
-                    reportError('Delegated replications (use of the ' +
-                        '`user_ctx\\' property) can only be triggered by ' +
-                        'administrators.');
-                }
-
                 var user_ctx = newDoc.user_ctx;
 
                 if ((typeof user_ctx !== 'object') || (user_ctx === null)) {
@@ -202,24 +198,40 @@
                         'non-empty string or null.');
                 }
 
+                if (!isAdmin && (user_ctx.name !== userCtx.name)) {
+                    reportError('The given `user_ctx.name\\' is not valid');
+                }
+
                 if (user_ctx.roles && !isArray(user_ctx.roles)) {
                     reportError('The `user_ctx.roles\\' property must be ' +
                         'an array of strings.');
                 }
 
-                if (user_ctx.roles) {
+                if (!isAdmin && user_ctx.roles) {
                     for (var i = 0; i < user_ctx.roles.length; i++) {
                         var role = user_ctx.roles[i];
 
                         if (typeof role !== 'string' || role.length === 0) {
                             reportError('Roles must be non-empty strings.');
                         }
-                        if (role[0] === '_') {
-                            reportError('System roles (starting with an ' +
-                                'underscore) are not allowed.');
+                        if (userCtx.roles.indexOf(role) === -1) {
+                            reportError('Invalid role (`' + role +
+                                '\\') in the `user_ctx\\'');
                         }
                     }
                 }
+            } else {
+                if (!isAdmin) {
+                    reportError('The `user_ctx\\' property is missing (it is ' +
+                       'optional for admins only).');
+                }
+            }
+        } else {
+            if (!isAdmin) {
+                if (!oldDoc.user_ctx || (oldDoc.user_ctx.name !== userCtx.name)) {
+                    reportError('Replication documents can only be deleted by ' +
+                        'admins or by the users who created them.');
+                }
             }
         }
     }