From c45240591f3bf69555e05411e1eb01e41fc1b9e4 Mon Sep 17 00:00:00 2001
From: Jann Horn <jannhorn@googlemail.com>
Date: Fri, 30 Dec 2011 15:35:07 +0100
Subject: [PATCH] only allow "forum" and admins to do stuff

---
 couchdb/app.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/couchdb/app.js b/couchdb/app.js
index 714df9b..3948122 100644
--- a/couchdb/app.js
+++ b/couchdb/app.js
@@ -10,6 +10,10 @@ var ddoc =
 
 module.exports = ddoc
 
+ddoc.validate_doc_update = function(newdoc, olddoc, userCtx, secobj) {
+  if (userCtx.name !== 'forum' && userCtx.roles.indexOf('_admin') === -1) throw {forbidden: 'you must be logged in as "forum" or an admin'}
+}
+
 ddoc.views.threadPosts =
 { map: function(doc) {
     if (doc._id.slice(0, 5) === 'post:') {