From 3112aa0692df79d0d92b92842e5de971bfc90fa9 Mon Sep 17 00:00:00 2001
From: Filipe David Borba Manana <fdmanana@apache.org>
Date: Sun, 21 Nov 2010 14:05:27 +0000
Subject: Merged revision 1037448 from trunk:

Proper verification of the roles property of a user document.
Closes COUCHDB-790. Thanks Gabriel Farrell.



git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/1.1.x@1037450 13f79535-47bb-0310-9956-ffa450edef68
---
 share/server/loop.js              |  1 +
 share/server/util.js              |  4 ++++
 share/www/script/test/users_db.js | 23 ++++++++++++++++++++++-
 3 files changed, 27 insertions(+), 1 deletion(-)

(limited to 'share')

diff --git a/share/server/loop.js b/share/server/loop.js
index d5bbd977..d2a07f61 100644
--- a/share/server/loop.js
+++ b/share/server/loop.js
@@ -26,6 +26,7 @@ function init_sandbox() {
     sandbox.start = Render.start;
     sandbox.send = Render.send;
     sandbox.getRow = Render.getRow;
+    sandbox.isArray = isArray;
   } catch (e) {
     log(e.toSource());
   }
diff --git a/share/server/util.js b/share/server/util.js
index 71a36a29..1b57f041 100644
--- a/share/server/util.js
+++ b/share/server/util.js
@@ -124,3 +124,7 @@ function log(message) {
   }
   respond(["log", String(message)]);
 };
+
+function isArray(obj) {
+  return toString.call(obj) === "[object Array]";
+}
diff --git a/share/www/script/test/users_db.js b/share/www/script/test/users_db.js
index 667ff3c1..1e13e5d7 100644
--- a/share/www/script/test/users_db.js
+++ b/share/www/script/test/users_db.js
@@ -90,6 +90,27 @@ couchTests.users_db = function(debug) {
     T(s.name == null);
     T(s.roles.indexOf("_admin") !== -1);
     T(usersDb.deleteDoc(jchrisWithConflict).ok);
+
+    // you can't change doc from type "user"
+    jchrisUserDoc = usersDb.open(jchrisUserDoc._id);
+    jchrisUserDoc.type = "not user";
+    try {
+      usersDb.save(jchrisUserDoc);
+      T(false && "should only allow us to save doc when type == 'user'");
+    } catch(e) {
+      T(e.reason == "doc.type must be user");
+    }
+    jchrisUserDoc.type = "user";
+
+    // "roles" must be an array
+    jchrisUserDoc.roles = "not an array";
+    try {
+      usersDb.save(jchrisUserDoc);
+      T(false && "should only allow us to save doc when roles is an array");
+    } catch(e) {
+      T(e.reason == "doc.roles must be an array");
+    }
+    jchrisUserDoc.roles = [];
   };
 
   usersDb.deleteDb();
@@ -100,4 +121,4 @@ couchTests.users_db = function(debug) {
   );
   usersDb.deleteDb(); // cleanup
   
-}
\ No newline at end of file
+}
-- 
cgit v1.2.3