best practices for checking a related document for access info
18 views
Skip to first unread message
Seung Chan Lim
Oct 21, 2015, 5:36:39 PM10/21/15
to Couchbase Mobile
I have the following two types of documents
1. space
2. conversation: "space" attribute points to the _id of space
Whenever a conversation starts, a new doc of type "conversation" is created and its attribute "space" contains the _id of a doc of type "space"
What I want to ensure in my sync function is that the user creating a "conversation" document has access to the "space" document pointed.
I originally thought to simply do requireAccess(doc.space) when a conversation doc is created/updated and make sure to do channel(doc._id) and a access(doc.owner, doc._id) when a space doc is created/updated.
But then I wanted to have public spaces, which anyone has access to. In other words, even if the user isn't explicitly given a access to the channel, I was hoping requireAccess would pass if the document is "public."
I thought I could do this by doing access("GUEST", doc._id) when a space doc is created/updated but that doesn't seem to work.
Is this even possible?
slim
Seung Chan Lim
Oct 21, 2015, 6:25:56 PM10/21/15
to Couchbase Mobile
What I'm leaning toward is just creating a EVERYONE role, then adding any new user to that role.
Then giving any public space provide access to that role.
I guess that's the way?
slim
Jens Alfke
Oct 21, 2015, 7:11:33 PM10/21/15
to mobile-c...@googlegroups.com
On Oct 21, 2015, at 2:36 PM, Seung Chan Lim <djs...@gmail.com> wrote:
I thought I could do this by doing access("GUEST", doc._id) when a space doc is created/updated but that doesn't seem to work.
It doesn’t work because GUEST is a specific account used for requests without authorization. So changing the properties of that account doesn’t affect the properties of other accounts.
Your other approach of using a special role everyone’s added to sounds good.
—Jens
James Nocentini
Nov 19, 2015, 9:10:19 AM11/19/15
to Couchbase Mobile
Another way could be to map the public documents to the built-in ! channel (called the public channel) because the GUEST user and all registered users have access to that channel by default.
I recorded a screencast about this use case that might help http://blog.couchbase.com/2015/november/exploring-the-public-and-user-channels-in-couchbase-sync-gateway
I recorded a screencast about this use case that might help http://blog.couchbase.com/2015/november/exploring-the-public-and-user-channels-in-couchbase-sync-gateway
James
Reply all
Reply to author
Forward
0 new messages