Commits

benoitc  committed 59ed10d

fix validation & list

  • Participants
  • Parent commits cfc2b87
  • Branches couchdb010

Comments (0)

Files changed (3)

File _attachments/login.html

                 }     
                 new Login(app, {
                     success: function() {
-                        alert($("#next").val());
                         document.location.href = query["next"];
                     },
                     error: function() {

File lists/index.js

     }
             
     var nextPath = listPath('index','recent-posts', {
-      startkey: (ky || "#"), 
+      startkey: (key || "#"), 
       descending:true, 
       limit:25 });
 

File validate_doc_update.js

     if (!beTrue) forbidden(message);
   };
 
+  if (doc_type != "comment" && !userCtx.name)
+      forbidden("only connected users can create such doc");
+
   // docs with authors can only be saved by their author
-  if (author) {
-    // dirty hack to provide userCtx.name to the client process
-    if (author == '_self') userCtx.name ? forbidden('_self:' + userCtx.name) : unauthorized('Please log in.');
-    
-    if (userCtx.roles.indexOf('_admin') == -1) {
+  if (authori && userCtx.roles.indexOf('_admin') == -1) {
       // admin can edit anything, only check when not admin...
       if ((oldDoc && oldDoc.author != newDoc.author))
         forbidden("You may not change the author of a doc.");
 
       if (author != userCtx.name)
-        unauthorized("Only "+author+" may edit this document.");      
+        forbidden("Only "+author+" may edit this document.");      
     } 
-  } 
+  }
 
   // authors and admins can always delete
   if (newDoc._deleted) return true;