
update validation rules for twitter and website properties

1 parent aa03dcb commit 8c9b52bb3be4f0bcd1c17b6b2e37b6d32d2a3533 @caolan committed Jun 19, 2012
Showing with 19 additions and 14 deletions.
  1. +19 −14 ddoc/ddoc.js
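--- a/ddoc/ddoc.js
+++ b/ddoc/ddoc.js
@@ -14,32 +14,37 @@ exports.views = {
 };
 exports.validate_doc_update = function (newDoc, oldDoc, userCtx) {
+ var action = oldDoc ? (newDoc._deleted ? 'remove': 'update'): 'create';
+
 if ((oldDoc && oldDoc.type === 'profile') || newDoc.type === 'profile') {
+ if (action === 'update' || action === 'create') {
+ if (newDoc.website && !/^https?:\/\//.test(newDoc.website)) {
+ throw {forbidden: 'Website must include http:// or https://'};
+ }
+ if (newDoc.twitter && !/^[A-Za-z0-9_]+$/.test(newDoc.twitter)) {
+ throw {forbidden: 'Invalid twitter username'};
+ }
+ }
 for (var i = 0; i < userCtx.roles.length; i++) {
 if (userCtx.roles[i] === '_admin') {
- // _admin users can do anything
+ // _admin users can do anything provided it's a valid doc
 return;
 }
 }
 if (!userCtx.name) {
 throw {unauthorized: 'You must be logged in'};
 }
- if (oldDoc) {
- if (newDoc._deleted) {
- // remove
- if (userCtx.name !== oldDoc.name) {
- throw {unauthorized: 'Only the owner can remove a profile'};
- }
+ if (action === 'remove') {
+ if (userCtx.name !== oldDoc.name) {
+ throw {unauthorized: 'Only the owner can remove a profile'};
 }
- else {
- // update
- if (userCtx.name !== oldDoc.name) {
- throw {unauthorized: 'Only the owner can update a profile'};
- }
+ }
+ else if (action === 'update') {
+ if (userCtx.name !== oldDoc.name) {
+ throw {unauthorized: 'Only the owner can update a profile'};
 }
 }
- else {
- // create
+ else if (action === 'create') {
 if (userCtx.name !== newDoc.name) {
 throw {unauthorized: 'profile.name must match your username'};
 }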
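Review bot: The new `website` and `twitter` checks never confirm the value is a string, and `RegExp.prototype.test` coerces its argument, so a one-element array such as `["some_name"]` stringifies to `some_name` and passes validation while being stored as an array. Any consumer that assumes a validated string (for example a template building a link) then receives a different type; I would guard both rules, e.g. `if (newDoc.twitter && (typeof newDoc.twitter !== 'string' || !/^[A-Za-z0-9_]+$/.test(newDoc.twitter)))` and the same `typeof` test for `website`. The website rule also only pins the scheme prefix, so the remainder of the URL still has to be escaped wherever it is rendered. Separately, the `update` branch compares `userCtx.name` with `oldDoc.name` only, so an owner can apparently save a profile whose `name` is someone else's; if ownership is meant to be fixed, reject `newDoc.name !== oldDoc.name` there. The function body continues past the end of this hunk, so later checks may cover some of this.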
