validate_doc_update.js
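function (newDoc, oldDoc, userCtx, secObj) {
  // CouchDB validate_doc_update handler. It runs for every write to the
  // database; a write is rejected by throwing (done here through the helpers
  // on `v`), and the return value itself is not used by CouchDB.
  //
  //   newDoc  - the document being written (has _deleted set for deletions)
  //   oldDoc  - the stored revision, or null when the document is new
  //   userCtx - the requesting user; name is null for anonymous requests
  //   secObj  - the database security object, passed through to the helpers
  //
  // The helpers (isAdmin, unchanged, dateFormat, require, assert,
  // unauthorized) come from lib/validate, which is not shown here; the
  // comments below describe them by name only -- confirm against that file.
  var v = require("lib/validate").init(newDoc, oldDoc, userCtx, secObj);

  v.isAuthor = function() {
    return v.isAdmin() || userCtx.roles.indexOf("author") !== -1;
  };

  // Admins bypass every check below.
  if (v.isAdmin()) return true;

  // The owner of an existing document may delete it. The stored author must
  // be present and strictly equal to the user name: with loose equality a
  // document that has no author (undefined) compared equal to an anonymous
  // user (name null), which let anonymous requests delete author-less
  // documents such as comments.
  if (oldDoc && oldDoc.author && oldDoc.author === userCtx.name && newDoc._deleted) {
    return true;
  }

  // Identity fields are fixed once a document exists.
  v.unchanged("type");
  v.unchanged("author");
  v.unchanged("created_at");
  if (newDoc.created_at) v.dateFormat("created_at");

  // A document that names an author can only be saved by that author.
  // Admins have already returned above; the isAdmin test is kept so the rule
  // stays correct if the early return is ever moved.
  // NOTE(review): documents without an author field (comments, and any type
  // other than "post") get no ownership check here -- confirm that anonymous
  // edits of those documents are intended.
  if (!v.isAdmin() && newDoc.author && newDoc.author !== userCtx.name) {
    v.unauthorized("Only "+newDoc.author+" may edit this document.");
  }

  if (newDoc.type == 'post') {
    if (!v.isAuthor()) {
      v.unauthorized("Only authors may edit posts.");
    }
    v.require("created_at", "author", "body", "format", "title");
  } else if (newDoc.type == 'comment') {
    v.require("created_at", "post_id", "comment", "format", "commenter");

    // Guard the commenter value itself so a null or otherwise malformed
    // value is rejected with the validation message instead of a TypeError.
    var commenter = newDoc.commenter;
    v.assert(commenter && (commenter.name || commenter.nickname) && (typeof commenter.email != "undefined"),
      "Comments must include name and email.");

    if (commenter.url) {
      // Require a string before calling match(); a number or object here
      // would otherwise throw instead of producing the validation message.
      // The pattern only pins the scheme to http or https and requires a dot;
      // it does not constrain the rest of the value, so any page that renders
      // this URL must still escape it for the attribute it is written into.
      v.assert(typeof commenter.url == "string" && commenter.url.match(/^https?:\/\/[^.]*\..*/),
        "Commenter URL must start with http://.");
    }
  }
}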