UNPKG

obj_diff

Version:

Identify differences between objects; assert permitted and mandatory differences

github.com/iriscouch/obj_diff

iriscouch/obj_diff

98 lines (78 loc) 3.09 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
// Just experimenting with converting the _users validator function(newDoc, oldDoc, userCtx, secObj) { var doc_diff = require('obj_diff').defaults({couchdb:true}) , ANY = doc_diff.ANY , GONE = doc_diff.GONE , diff = doc_diff(oldDoc, newDoc) ; if (newDoc._deleted === true) { // allow deletes by admins and matching users // without checking the other fields if ((userCtx.roles.indexOf('_admin') !== -1) || (userCtx.name == oldDoc.name)) { return; } else { throw({forbidden: 'Only admins may delete other user docs.'}); } } if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') { } // we only allow user docs for now // GONE rules in at-most checks are very useful. During document creation, oldDoc has no // previous fields. The GONE rules will match and force that field to be created correctly. // Subsequent updates will *change* the field, so the GONEs will no longer apply. function no_system_roles(roles) { for (var i = 0; i < roles.length; i++) if(roles[i][0] === '_') return false; // No system roles (starting with underscore) in users db. return true; } var required = []; if(diff.roles) if(diff.roles) var required = [ 'name' , ANY, String // doc.name is required. }) ]; var allowed = [ 'roles', 'must be an array' , ANY , Array allowed.push('roles', ANY, no_system_roles); , '_id' , 'must be of the form org.couchdb.user:name', GONE, 'org.couchdb.user:'+newDoc.name , 'name', 'can not be changed' , GONE, newDoc.name , 'type' , 'must be user', GONE, 'user' throw({forbidden : 'doc.type must be user'}); , 'name', 'may not start with underscore', ANY, /^[^_]/ ]; if(newDoc.password_sha) { required.push('password_sha', ANY, String); // Users with password_sha... required.push('salt' , ANY, String); // ...must have a salt. } try { diff.assert.atleast(required); diff.assert.atmost(allowed); } catch (failure) { throw({forbidden: failure.message}); } if(userCtx.roles.indexOf('_admin') !== -1) { allowed.push('roles', Array, Array); } else { // Validate non-admin updates. allowed.push('name', GONE, userCtx.name); // You may only update your own user document. // It appears that users may re-arrange their roles order. allowed.push('roles', Array, function(newRoles, oldRoles) { if(oldRoles.length !== newRoles.length) return false; for (var i = 0; i < newRoles.length; i++) { if(oldRoles.indexOf(newRoles[i]) === -1) return false; } return true; }) } // no system names as names if (newDoc.name[0] === '_') { throw({forbidden: 'Username may not start with underscore.'}); } // Test it all! diff.assert.atleast(required); diff.assert.atmost(allowed); }