requireUser()
Requiring Sync Gateway user
Related Topics: access() | channel() | expiry() | requireAccess() | requireAdmin() | requireRole() | requireUser() | role() | throw()
requireUser(username)
Purpose
Use the requireUser() function to reject document updates that are not made by the specified user or users.
Arguments
Argument | Description |
---|---|
username | Must be a string identifying a user, or an array of strings identifying multiple users; the function is applied to each user in the array. If the value resolves to null the function result is a no-op. |
Context
The function signals rejection by throwing an exception, so the rest of the sync function will not be run.
When validating a document, you should treat all properties of the doc parameter as untrusted. That is because it is the object that you’re validating.
This may sound obvious, but it can be easy to make mistakes, like calling requireUser(doc.owners) instead of requireUser(oldDoc.owners).
When using one document property to validate another, look up that property in oldDoc, not doc!
Use
requireUser("snej"); (1)
requireUser(["snej", "jchris", "tleyden"]); (2)
1 | Throw an error if the user is not "snej". |
2 | Throw an error if the user’s name is not in the list passed as username. |
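The doc versus oldDoc mistake described under Context, together with the null no-op from the Arguments table, as an added example that is not part of the original page or Sync Gateway's own code. Everything here is hypothetical: makeRequireUser() is a stand-in for the built-in so the code runs outside Sync Gateway, requireUser is passed as a third parameter only for that reason (a real sync function receives doc and oldDoc and calls the global), and ownerList(), syncUntrusted(), syncTrusted() and attempt() are names chosen for illustration.

```javascript
// Stand-in for Sync Gateway's built-in requireUser(), modeled only on this
// page's description: accepts a string or array, null is a no-op, and a
// mismatch throws. The error object is constructed for this example.
function makeRequireUser(currentUser) {
  return function requireUser(username) {
    if (username == null) return; // no-op, per the Arguments table
    const allowed = Array.isArray(username) ? username : [username];
    if (!allowed.includes(currentUser)) throw { forbidden: "wrong user" };
  };
}

// Hypothetical helper: refuse a missing or empty owner list, so the null
// no-op can never silently turn the authorization check off.
function ownerList(d) {
  if (!Array.isArray(d.owners) || d.owners.length === 0) {
    throw { forbidden: "owners must be a non-empty array" };
  }
  return d.owners;
}

// The mistake: the owner list is read from the revision being validated.
function syncUntrusted(doc, oldDoc, requireUser) {
  requireUser(doc.owners);
}

// The corrected form: authorize against the stored revision. On creation
// there is no oldDoc, so the creator must appear in the new owner list.
function syncTrusted(doc, oldDoc, requireUser) {
  requireUser(ownerList(oldDoc || doc));
}

// Run one write as `user` and report the outcome.
function attempt(syncFn, user, doc, oldDoc) {
  try {
    syncFn(doc, oldDoc, makeRequireUser(user));
    return "accepted";
  } catch (e) {
    if (e && e.forbidden) return "rejected: " + e.forbidden;
    throw e; // anything else is a bug in the sync function itself
  }
}

// Constructed sample revisions: "tleyden" rewrites owners on a doc owned by "snej".
const stored = { owners: ["snej"], body: "v1" };
const takeover = { owners: ["tleyden"], body: "v2" };
console.log(attempt(syncUntrusted, "tleyden", takeover, stored));
console.log(attempt(syncTrusted, "tleyden", takeover, stored));
```

Because a null argument is a no-op, syncUntrusted() also accepts a revision that omits owners entirely; ownerList() closes that gap by rejecting the write before requireUser() is reached.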