Details
-
Bug
-
Resolution: Duplicate
-
Mobile 2.1
Description
Scenario: you would like to reject all attempts to create a document on the public port - from mobile/web clients (i.e only allow document to be created through the Admin port.)
- The oldDoc value is undefined for new document writes.
- requireAdmin() can detect if the write operation is performed on the user or the admin port.
function isAdmin() {
|
try { |
requireAdmin();
|
console.log("document was edited by an Admin"); |
} catch (err) { |
console.log("document was edited by an regular user " + err); |
return false; |
}
|
}
|
|
admin=isAdmin();
|
if (admin === false) { |
if (oldDoc == undefined) { |
throw ({ |
forbidden: "Document "+ doc._id +" cannot create documents from client, rejecting " |
})
|
}
|
}
|