From 3112aa0692df79d0d92b92842e5de971bfc90fa9 Mon Sep 17 00:00:00 2001 From: Filipe David Borba Manana Date: Sun, 21 Nov 2010 14:05:27 +0000 Subject: Merged revision 1037448 from trunk: Proper verification of the roles property of a user document. Closes COUCHDB-790. Thanks Gabriel Farrell. git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/1.1.x@1037450 13f79535-47bb-0310-9956-ffa450edef68 --- share/server/loop.js | 1 + share/server/util.js | 4 ++++ share/www/script/test/users_db.js | 23 ++++++++++++++++++++++- 3 files changed, 27 insertions(+), 1 deletion(-) (limited to 'share') diff --git a/share/server/loop.js b/share/server/loop.js index d5bbd977..d2a07f61 100644 --- a/share/server/loop.js +++ b/share/server/loop.js @@ -26,6 +26,7 @@ function init_sandbox() { sandbox.start = Render.start; sandbox.send = Render.send; sandbox.getRow = Render.getRow; + sandbox.isArray = isArray; } catch (e) { log(e.toSource()); } diff --git a/share/server/util.js b/share/server/util.js index 71a36a29..1b57f041 100644 --- a/share/server/util.js +++ b/share/server/util.js @@ -124,3 +124,7 @@ function log(message) { } respond(["log", String(message)]); }; + +function isArray(obj) { + return toString.call(obj) === "[object Array]"; +} diff --git a/share/www/script/test/users_db.js b/share/www/script/test/users_db.js index 667ff3c1..1e13e5d7 100644 --- a/share/www/script/test/users_db.js +++ b/share/www/script/test/users_db.js @@ -90,6 +90,27 @@ couchTests.users_db = function(debug) { T(s.name == null); T(s.roles.indexOf("_admin") !== -1); T(usersDb.deleteDoc(jchrisWithConflict).ok); + + // you can't change doc from type "user" + jchrisUserDoc = usersDb.open(jchrisUserDoc._id); + jchrisUserDoc.type = "not user"; + try { + usersDb.save(jchrisUserDoc); + T(false && "should only allow us to save doc when type == 'user'"); + } catch(e) { + T(e.reason == "doc.type must be user"); + } + jchrisUserDoc.type = "user"; + + // "roles" must be an array + jchrisUserDoc.roles = "not an array"; + try { + usersDb.save(jchrisUserDoc); + T(false && "should only allow us to save doc when roles is an array"); + } catch(e) { + T(e.reason == "doc.roles must be an array"); + } + jchrisUserDoc.roles = []; }; usersDb.deleteDb(); @@ -100,4 +121,4 @@ couchTests.users_db = function(debug) { ); usersDb.deleteDb(); // cleanup -} \ No newline at end of file +} -- cgit v1.2.3