1 function (newDoc, oldDoc, userCtx, secObj) {
2 var v = require("lib/validate").init(newDoc, oldDoc, userCtx, secObj);
4 v.isAuthor = function() {
5 return v.isAdmin() || userCtx.roles.indexOf("author") != -1;
8 // admins or owner can always delete (the admin check below returns early for every write, not only deletions)
9 if (v.isAdmin()) return true;
10 if (((oldDoc && (oldDoc.author == userCtx.name))) && newDoc._deleted) return true;
13 v.unchanged("author");
14 v.unchanged("created_at");
16 if (newDoc.created_at) v.dateFormat("created_at");
18 // docs with authors can only be saved by their author
19 // admin can author anything...
20 if (!v.isAdmin() && newDoc.author && newDoc.author != userCtx.name) {
21 v.unauthorized("Only "+newDoc.author+" may edit this document.");
24 if (newDoc.type == 'post') {
26 v.unauthorized("Only authors may edit posts.");
28 v.require("created_at", "author", "body", "format", "title");
29 } else if (newDoc.type == 'comment') {
30 v.require("created_at", "post_id", "comment", "format", "commenter");
31 v.assert((newDoc.commenter.name || newDoc.commenter.nickname) && (typeof newDoc.commenter.email != "undefined"),
32 "Comments must include name and email.");
33 if (newDoc.commenter.url) {
34 v.assert(newDoc.commenter.url.match(/^https?:\/\/[^.]*\..*/),
35 "Commenter URL must start with http://.");