2

I am confused about what is the difference between the a security document (image below)

enter image description here

AND between the validate_doc_update function (see below) which placed within the design document. 

  function(newDoc, oldDoc, usersCtx){

     //validate code goes here

  }

Which one is used at what point and what is the purpose of each one?

Thank you in advance.

Skywalker
  • 4,984
  • 16
  • 57
  • 122

2 Answers2

3

The security document stores the state (data) whereas the validate document update function stores the behavior (logic). Together, they form an object in the OO sense.

The complete signature of the validate_doc_update function is actually

function(newDoc, oldDoc, userCtx, secObj)

where secObj is the security document. So you can interpret validate_doc_update as a method of secObj if you prefer. The goal is to keep your code tidy by not having to hardcode data in the validation code.

Simon
  • 31,675
  • 9
  • 80
  • 92
  • Thank you so much for the reply.What I understand from my research and testing is that the "Security Document" only allows read and write access to people who are added within the security document. But if you want to further limit who can "Write/Update" the documents within your database you can set up a "Validate_doc_update" function which will restrict unauthorised users (Who are not authorised by the Validate) from making any changes. Is this right? Or have I got this completely wrong? – Skywalker Feb 16 '15 at 09:40
  • Yes, and the `validate_doc_update` gives you even more control: you can restrict access to individual fields if you want! – Simon Feb 16 '15 at 13:08
0

These are different concepts that apply to different scopes...

Security Document This applies globally to a database. It controls which user names have admin roles and which have access. Provided that the database is not public only users named in this document can access (read or write) the database. Note that authentication is handled elsewhere - this document deals only in authenticated usernames.

Even without any validation functions the security document is important as it controls access at the database level.

validate function The validation functions of a design document allow the designer to restrict changes to a document. Depending on the result of ALL the validate functions in all the design documents in a database, a PUT/POST will succeed or fail. The data available to a validation function is limited however - it cannot reference any other document except the one being updated and the security document.

Using the validation function the designer could limit values for fields, control which fields can be changed, and vary permissions based on whether the current user is an admin or not for example. However it is not possible to check a new value is in a lookup list on another document, or that a reference to another document ID is valid.

It is possible to use Validation functions in a public database that has no Security Document - so these two concepts can work together but neither requires the other.

Ewan Makepeace
  • 5,376
  • 9
  • 31
  • 31