CouchDB ACL 交叉引用文档
假设我有两种类型的文档,其中一种引用另一种,例如“orders”和“order_replies”,后一种文档有一个字段“ref”,其中包含订单文档的 ID。
对于我的 validate_doc_update 函数,我希望用户只有在是原始订单的作者时才能够更改 order_reply 文档。
如何在函数中从 ID 为 newDoc.ref 的订单中获取“作者”字段?
这是到目前为止我的验证函数的一部分:
if(userCtx.roles.indexOf('employee') >= 0) {
// [...] other doc types
if (newDoc.type == 'order_reply') {
//newDoc.ref.author is not the proper approach
require((userCtx.name == newDoc.ref.author), "this is not your order reply!");
}
}
Let's say I have two types of docs with one referencing the other, e.g. "orders" and "order_replies" the later one having a field "ref" which contains an ID of an order document.
For my validate_doc_update function I want a user only to be able to change an order_reply document if he is the author of the original order.
How can I get the "author" field from the order with the ID newDoc.ref within the function?
Here's a part of my validation function so far:
if(userCtx.roles.indexOf('employee') >= 0) {
// [...] other doc types
if (newDoc.type == 'order_reply') {
//newDoc.ref.author is not the proper approach
require((userCtx.name == newDoc.ref.author), "this is not your order reply!");
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
将作者 ID 放入订单 ID 中。例如:
{ "_id": "order/jack/1", ... }{ "ref": "order/jack/1", ... }因此,您可以检查:
如果您有多个作者,请使用
"order/author1/author2/.../authorN/ordernum"作为_id 并检查:更新:由于错误COUCHDB-1229,请使用doc._id 中的“/”可能会导致问题。根据您的用例,最好使用其他分隔符,例如“:”。
Put the author's ID in the order's ID. For example:
{ "_id": "order/jack/1", ... }{ "ref": "order/jack/1", ... }So you can check with:
If you have multiple authors, use
"order/author1/author2/.../authorN/ordernum"as_idof the order and check with:UPDATE: Due to bug COUCHDB-1229, use of "/" in doc._id may cause problems. Depending on your use-case, it may be better to use another separator, e.g. ":".