requireUser() function to reject document updates that are not made by the specified user or users.
Must be a string identifying a user, or an array of strings identifying multiple users; the function is applied to each user in the array.
If the value resolves to null the function result is a no-op.
The function signals rejection by throwing an exception, so the rest of the sync function will not be run.
When validating a document, you should treat all properties of the
doc parameter as untrusted. That is because it is the object that you’re validating.
This may sound obvious, but it can be easy to make mistakes, like calling
requireUser(doc.owners) instead of
When using one document property to validate another, look up that property in
requireUser("snej"); (1) requireUser(["snej", "jchris", "tleyden"]); (2)
|1||Throw an error if the user is not "snej":|
|2||Throw an error if user’s name is not in the list