Thank you for your help so far. I have found it really useful.
I have been investigating how we restrict access to couchbase and are seeking any guidance or alternatives to the approaches we are considering.
At the moment we have the following…
- A channel with multiple documents. There will be admins in the channel who can add other users, and then there will be people who can read, write and delete documents from the channel.
- A user who creates a channel will be the channel admin, but it is possible that in the future they leave the channel altogether and one/many others will continue to admin the channel.
My understanding is as follows.
- Roles restrict access to channels.
- Channel filtering restricts who can read documents, but not Create, Update or Delete.
- Create a document in each channel that contains the various permissions (Create, Update, Delete, Admin) and which users they are granted to.
- In the sync function retrieve this document and check a user has the permissions to do what they need to do.
- To add or remove permissions modify this document.
Create roles for the different permissions channelname-admin, channelname-read, channelname-write, channelname-delete etc.
Grant these roles to a user.
In the sync_function do something similar to the following
var channel = doc.channel();
requireRole(channel + “-write”);
requireRole(channel + “-delete”);
To be honest I am not particularly comfortable with either of these strategies. The first results in a call to the db for the permissions doc in every sync. It does make it easy to revoke permissions from a user though. The second strategy results in a ridiculously large number of roles and it is not clear how I would go about removing the roles from a user. At a glance it looks as though I would need to iterate through every user in the db, check for a role and remove it. There does not appear to be a way to grab all users with a given role?
Finally, I have considered changing the relationship between docs and channels to be one to one. Having a single document that has documents nested within it. However it feels wrong and there is a limit on document size that could be reached.
I’m really interested in hearing how others have approached this problem or any standard patterns for access and authentication through the sync gateway that might work for this scenario.