A newer version of this documentation is available.

View Latest

requireUser()

      +

      Requiring Sync Gateway user

      Related Topics:    access()   |   channel()   |   expiry()   |   requireAccess()   |   requireAdmin()   |   requireRole()   |   requireUser()   |   role()   |   throw()

      Function

      requireUser(username)

      Purpose

      Use the requireUser() function to reject document updates that are not made by the specified user or users.

      Arguments

      Argument Description

      username

      Must be a string identifying a user, or an array of strings identifying multiple users; the function is applied to each user in the array.

      If the value resolves to null the function result is a no-op.

      Context

      The function signals rejection by throwing an exception, so the rest of the sync function will not be run.

      When validating a document, you should treat all properties of the doc parameter as untrusted. That is because it is the object that you’re validating. This may sound obvious, but it can be easy to make mistakes, like calling requireUser(doc.owners) instead of requireUser(oldDoc.owners).

      When using one document property to validate another, look up that property in oldDoc, not doc!

      Use

      Example 1. requireUser(username)
      requireUser("snej"); (1)
      
      requireUser(["snej", "jchris", "tleyden"]); (2)
      1 Throw an error if the user is not "snej":
      2 Throw an error if user’s name is not in the list username