Re: Sync Gateway function

Jens Alfke

Jun 2, 2015, 1:19:32 PM
to mobile-c...@googlegroups.com

> On Jun 2, 2015, at 2:36 AM, Florion COIFFÉ <cflo...@gmail.com> wrote:
>
> But where do I get this username? Should I manually add a user_id property to all my documents and call access (doc.user_id, "VIP_channel")?

Something like that, yes. The sync function has no access to any state that isn’t part of the document, so it has to get that user ID from the document.

> A user in the local database has an Account table and all the other tables are children of the Account table (not directly, it's sub-children etc., it's a tree). I would find it odd to manually add a user_id property to all these 52 tables since they all are related to a single Account table.

But consider the entire aggregate database in the Sync Gateway. Each document should presumably keep track of who its owner is. That’s what that user_id property does.

> When my iOS app connects to the sync gateway, it gets back a Session. The session means that the user is granted access to the database. What I would have thought is that each document created during that Session would be automatically associated to the session's user.

No, SG does not keep track of who pushed a document to it. In general the creator of a document need not be the same as the “owner” of a document. Access privileges are generalized enough that SG doesn’t hardcode one specific type of access.

—Jens

Jens Alfke

Jun 2, 2015, 2:28:54 PM
to mobile-c...@googlegroups.com

> On Jun 2, 2015, at 11:04 AM, Florion COIFFÉ <cflo...@gmail.com> wrote:
>
> 1. I have to manually add a .creator property to all my tables in my iPad database, right?

You mean “documents”, right? Couchbase doesn’t have tables, those are a relational-db thing.
Yes, if you want the documents to have a “creator” property you have to add it.

> 2. When we say "user_id", "owner", "creator", etc., these are arbitrary names we choose as developers, right? There is no Couchbase special property like "type" or "rev"?

Couchbase reserves property names that start with an underscore “_”, like “_id”, “_rev”, “_attachments”. Anything else is free for you to use.

> 3. I got how to prevent creating or updating documents. But how do I prevent a user from seeing other users' documents?

A user can only see documents that are assigned to channels s/he has access to. So to hide documents, don’t assign those documents to the users’ channels. A typical way to do this is to have a naming convention for channels named after users, for example when you create user “alice” you give her access to channel “for:alice”. Then in the sync function to give user x access to a document you assign it to channel “for:”+x.

> 4. One last thing, sorry. In the couchbase-lite-iOS repository, the CBLIncrementalStore takes care of dynamically adding a "type" property to each document based on the table name in the datamodel. My idea was to do the same thing for the "creator" property so it is automatically added in Couchbase documents without having it in the datamodel, since I consider it is a Couchbase (meta?)data that I don't need to know about since every data I have on the iPad was created by the user anyway.

I don’t know Core Data very well. You can declare that property in your NSManagedObject subclass, but you’ll also have to ensure it gets assigned a default value (the username), or manually assign the value when you create a new document.

—Jens

Jens Alfke

Jun 3, 2015, 5:55:41 PM
to mobile-c...@googlegroups.com

> On Jun 3, 2015, at 8:53 AM, Florion COIFFÉ <cflo...@gmail.com> wrote:
>
> Calling requireUser("snej") doesn't take the change into account if the user making that change isn't "snej", right?

Yes, it will reject the update with a 403 Forbidden status.

> But how does the requireUser function know which user is making that change? There must be somewhere "snej" === someUser. Where does this someUser come from?

From the Gateway’s REST API. Every request is authenticated, so the gateway knows which user is making the change. The storage code that invokes the sync function is passed the request context so it knows the user.

—Jens
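
The checks discussed in the replies above, put together as an added example (not part of the original thread and not Sync Gateway's own code): a sync function that ties a client-supplied owner property to the authenticated user with requireUser() and routes the document to a per-user "for:" channel. The property name `owner`, the immutability check against `oldDoc`, and the `simulatePush` harness with its 201/403 results are assumptions made for illustration; the harness only stands in for the Gateway so the function can be exercised offline.

```javascript
// Sync function: "owner" is a property name chosen for this example.
function syncFn(doc, oldDoc) {
  if (doc._deleted) {
    // A tombstone has no body, so authorize against the stored revision.
    if (oldDoc) requireUser(oldDoc.owner);
    return;
  }
  if (typeof doc.owner !== "string" || doc.owner === "") {
    throw { forbidden: "missing owner" };
  }
  // The client could rewrite owner on update, so pin it to the stored value.
  if (oldDoc && oldDoc.owner !== doc.owner) {
    throw { forbidden: "owner is immutable" };
  }
  // doc.owner is client-supplied; requireUser ties it to the authenticated user.
  requireUser(doc.owner);
  // Per-user channel convention from the thread: user x reads "for:" + x.
  channel("for:" + doc.owner);
}

// Constructed stand-in for the Gateway, which knows the authenticated user
// from the request and exposes requireUser()/channel() to the sync function.
function simulatePush(authenticatedUser, doc, oldDoc) {
  const channels = [];
  globalThis.requireUser = (name) => {
    if (name !== authenticatedUser) throw { forbidden: "wrong user" };
  };
  globalThis.channel = (name) => channels.push(name);
  try {
    syncFn(doc, oldDoc || null);
    return { status: 201, channels };
  } catch (e) {
    if (e && e.forbidden) return { status: 403, reason: e.forbidden };
    throw e;
  }
}

// Constructed sample pushes.
const stored = { owner: "alice", text: "v1" };
console.log(simulatePush("alice", { owner: "alice", text: "v1" }));        // accepted
console.log(simulatePush("bob", { owner: "alice", text: "forged" }));      // 403
console.log(simulatePush("alice", { owner: "bob", text: "v2" }, stored));  // 403
console.log(simulatePush("bob", { _deleted: true }, stored));              // 403
```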
