A newer version of this documentation is available.

View Latest



      Requiring Sync Gateway user

      Related Topics:    access()   |   channel()   |   expiry()   |   requireAccess()   |   requireAdmin()   |   requireRole()   |   requireUser()   |   role()   |   throw()




      Use the requireUser() function to reject document updates that are not made by the specified user or users.


      Argument Description


      Must be a string identifying a user, or an array of strings identifying multiple users; the function is applied to each user in the array.

      If the value resolves to null the function result is a no-op.


      The function signals rejection by throwing an exception, so the rest of the sync function will not be run.

      When validating a document, you should treat all properties of the doc parameter as untrusted. That is because it is the object that you’re validating. This may sound obvious, but it can be easy to make mistakes, like calling requireUser(doc.owners) instead of requireUser(oldDoc.owners).

      When using one document property to validate another, look up that property in oldDoc, not doc!


      Example 1. requireUser(username)
      requireUser("snej"); (1)
      requireUser(["snej", "jchris", "tleyden"]); (2)
      1 Throw an error if the user is not "snej":
      2 Throw an error if user’s name is not in the list username