Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.2
-
None
-
None
-
New Contributors Level (Easy)
Description
Since the introduction of system db security a user cannot delete their own _users doc. This is because we test that the "name" field of the updated document matches the userCtx. It doesn't in the case of a DELETE because the body only contains _id, _rev and _deleted.
Changing the code to compare the username embedded in the doc _id instead is a fix.