replication support for offline update

yssk22 · May 14, 2011 · 01e42af · 01e42af
1 parent 2f95a15
commit 01e42af
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 8 deletions.
diff --git a/apps/posts/validate_doc_update.js b/apps/posts/validate_doc_update.js
@@ -1,6 +1,7 @@
 module.exports = function(newDoc, oldDoc, userCtx, secObj){
   var v = (eval(this.lib.validator))(newDoc, oldDoc, userCtx, secObj);
 
+  // document structure check
   if( newDoc._deleted ){
     // on deleted
   }else{
@@ -17,4 +18,13 @@ module.exports = function(newDoc, oldDoc, userCtx, secObj){
      v.required('title', 'content');
      v.unchanged('created_by');
    }
+
+  // security check
+  if( !v.hasRoles('_admin') ){
+    // replication validation
+    // only owner can be updated
+    if( userCtx.name != newDoc.created_by.name ){
+      v.forbidden('You are not the owner of document');
+    }
+  }
 };
diff --git a/lib/couchapp.js b/lib/couchapp.js
@@ -1,19 +1,41 @@
 module.exports = require('couchapp');
 module.exports.validator = function(newDoc, oldDoc, userCtx, secObj){
   var v = {};
+  v.requireLogin = function(){
+    if( userCtx.name == null ){
+      v.forbidden('You must be logged in.');
+    }
+  };
+
+  v.requireRoles = function(){
+    var roles = Array.prototype.slice.call(arguments);
+    if( !v.hasRoles.apply(v, roles) ){
+      v.forbidden('You must has one of ' + roles.join(','));
+    };
+  };
+
+  v.hasRoles = function(){
+    var roles = userCtx.roles || [];
+    for(var i=0, l=arguments.length; i<l; i++){
+      var role = arguments[i];
+      if( roles.indexOf(role) >= 0 ){
+        return true;
+      }
+    }
+    return false;
+  };
 
   v.forbidden = function(message){
     throw({forbidden: message});
   };
 
   v.required = function(){
-    for (var i=0; i < arguments.length; i++) {
+    for (var i=0, l=arguments.length; i < l; i++) {
       var field = arguments[i];
-      message = "The '"+field+"' field is required.";
+      var message = "The '"+field+"' field is required.";
       if (typeof newDoc[field] == "undefined"){
         v.forbidden(message);
       }
-      log(field)
       if(newDoc[field] == ""){
         v.forbidden(message);
       }

diff --git a/lib/middleware/auth.js b/lib/middleware/auth.js
@@ -14,13 +14,19 @@ var sha1 = function(str){
 };
 
 var GUEST = {
-  user_id: 'guest',
-  display_name: 'Guest'
+  _id: 'guest',
+  name: 'guest',
+  display_name: 'Guest',
+  roles: [],
+  lastLogin: new Date(1970, 1, 1)
 };
 
 var ADMIN = {
-  user_id: 'admin',
-  display_name: 'Administrator'
+  _id: 'admin',
+  name: 'admin',
+  display_name: 'Administrator',
+  roles: ["_admin"],
+  lastLogin: new Date(1970, 1, 1)
 };
 
 // TODO: support more providers
@@ -35,7 +41,7 @@ var Providers = {
     consumerSecret  : '',
     normalizeUser   : function(results){
       return {
-        user_id: "twitter.com:" + results.user_id,
+        user_id: "twitter.com-" + results.user_id,
         display_name: results.screen_name,
         provider: "twitter"
       };