Only allow strings in user doc "roles" array
We validate that _security documents only contain strings but we have
not done the same for the roles field in user docs. This is a breaking
change as users may have been inserting other things (notably,
objects) in this field.
COUCHDB-1675
diff --git a/script/test/users_db.js b/script/test/users_db.js
index 44e6c88..4d6e4de 100644
--- a/script/test/users_db.js
+++ b/script/test/users_db.js
@@ -112,6 +112,16 @@
}
jchrisUserDoc.roles = [];
+ // "roles" must be an array of strings
+ jchrisUserDoc.roles = [12];
+ try {
+ usersDb.save(jchrisUserDoc);
+ T(false && "should only allow us to save doc when roles is an array of strings");
+ } catch(e) {
+ TEquals(e.reason, "doc.roles can only contain strings");
+ }
+ jchrisUserDoc.roles = [];
+
// "roles" must exist
delete jchrisUserDoc.roles;
try {