requireUser()

    +

    Requiring Sync Gateway user

    Related Topics:    access()   |   channel()   |   expiry()   |   requireAccess()   |   requireAdmin()   |   requireRole()   |   requireUser()   |   role()   |   throw()

    Function

    requireUser(username)

    Purpose

    Use the requireUser() function to reject document updates that are not made by the specified user or users.

    Arguments

    Argument Description

    username

    Must be a string identifying a user, or an array of strings identifying multiple users; the function is applied to each user in the array.

    If the value resolves to null the function result is a no-op.

    Context

    The function signals rejection by throwing an exception, so the rest of the sync function will not be run.

    When validating a document, you should treat all properties of the doc parameter as untrusted. That is because it is the object that you’re validating. This may sound obvious, but it can be easy to make mistakes, like calling requireUser(doc.owners) instead of requireUser(oldDoc.owners).

    When using one document property to validate another, look up that property in oldDoc, not doc!

    Use

    Example 1. requireUser(username)
    requireUser("snej"); (1)
    
    requireUser(["snej", "jchris", "tleyden"]); (2)
    1 Throw an error if the user is not "snej":
    2 Throw an error if user’s name is not in the list username