Purge local documents after channel removed from user

Hello, I use channels in Couchbase as a form of access control in a shared document system. Generally, users have access to multiple channels and documents belong to only 1 channel. One issue I have not been able to solve is when I remove a channel from a user, I want all of the documents in that channel to be removed from the user’s device.

I think the current behavior of CBL is that when I remove a channel from a user’s admin_channels, that user doesn’t receive any further updates on documents in that channel, but the previously synced documents remain on the user’s device. In my scenario, I also need to “revoke” access to the already synced documents in that channel.

Is there a way to purge local documents when a user’s admin_channels are updated?

Thank you

The Lost Access paragraph in this blog covers this scenario http://blog.couchbase.com/2016/september/access-denied-or-access-lost-some-tips-on-sync-gateway (cc @hod.greeley)

So documents pulled via access to the channel should be removed when revoking the user’s access to the channel. Are you noticing something different?

Is access to the channel revoked through:

  • the sync function or
  • via updating the user’s admin_channels through the REST API?

James

Thank you for the pointer to the Lost Access section of the blog post. It provides some very useful information for my scenario.

I have been using Couchbase Lite Viewer to observe incoming sequences and to observe what happens when a channel is removed from a user. Now that I have a better idea of what to look for - a special tombstone revision of the documents - I will perform further tests to confirm the expected behavior. I will also double-check that my application logic is not at fault.

I am revoking access by updating the user’s admin_channels through the REST API.

Thank you

@graywave Sorry, the blog post was meant to say a document shows as removed on the client side when a document is removed from a channel. I apologize. It was my intention to convey that removing a document from a channel causes the removal, but on rereading I see how it’s confusing.

There’s an open issue around removing documents when a user is removed from a channel. There are a number of issues to consider for a general solution. See https://github.com/couchbase/sync_gateway/issues/264

To do what you’re attempting, since you are guaranteeing a doc goes into only one channel, here’s an approach Adam Fraser suggested:

  1. Use a user_profile doc to manage the set of channels for a user
  2. Store two properties in the user_profile doc (‘active_channels’, ‘removed_channels’)
  3. When updating the user_profile doc, add any new channels to active_channels, add any channels removed to removed_channels
  4. Sync function does access grant based on active_channels
  5. Ensure user always has access to user_profile doc. When client gets an update to the user_profile doc, execute a local purge of all documents in removed_channels

A couple of potential complications:

  • #5 assumes the client can execute a query to identify which docs belong to channel foo. Depends on client’s ability to replicate sync function logic

  • When to prune removed_channels. You can’t prune it on every update, because you don’t know whether the client has processed the previous update yet.
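The five steps and both complications above, worked through as runnable code. This is an added example written for this page, not code from the thread, from Adam Fraser, or from Couchbase. The `user_profile`, `active_channels` and `removed_channels` names come from the post; everything else is an assumption of the example: a `type` property on documents, a single `channel` property on every non-profile document (the questioner's one-channel-per-document rule), a per-user `profile:<user>` channel, a `profile_admin` role for whoever may write profiles, and a small in-memory stand-in for Sync Gateway and the Couchbase Lite client so it runs under plain Node with no server. The sample documents are constructed for the demo.

```javascript
'use strict';

// --- Server side: Sync Gateway sync function (steps 1, 2, 4, 5) --------------
// In a real deployment this is the "sync" property of the Sync Gateway config,
// and access(), channel(), requireRole() and throw({forbidden}) are supplied by
// Sync Gateway. Here they arrive through `sg` so the same body runs under Node.
// Written in ES5 style, the safe choice for Sync Gateway's embedded interpreter.
function syncFunction(doc, oldDoc, sg) {
  // A tombstone carries no body, so take the type from the previous revision.
  var type = doc._deleted ? (oldDoc && oldDoc.type) : doc.type;

  if (type === 'user_profile') {
    // A profile grants channel access, so only a trusted writer may touch it;
    // otherwise a user could grant themselves channels. Role name is assumed.
    sg.requireRole('profile_admin');
    if (doc._deleted) { return; }
    if (typeof doc.user_id !== 'string' ||
        !Array.isArray(doc.active_channels) ||
        !Array.isArray(doc.removed_channels)) {
      throw({ forbidden: 'malformed user_profile' });
    }
    if (oldDoc && !oldDoc._deleted && oldDoc.user_id !== doc.user_id) {
      throw({ forbidden: 'user_profile cannot change owner' });
    }
    // Step 5: a per-user channel (assumed naming) so the user always receives
    // their own profile no matter what else is revoked.
    var own = 'profile:' + doc.user_id;
    sg.channel(own);
    // Step 4: the grant is computed from active_channels only.
    sg.access(doc.user_id, doc.active_channels.concat([own]));
    return;
  }

  if (doc._deleted) { return; }
  // Every other document lives in exactly one channel, in an assumed
  // `channel` property, which is what makes the client-side purge a lookup.
  if (typeof doc.channel !== 'string' || doc.channel === '') {
    throw({ forbidden: 'document must name exactly one channel' });
  }
  sg.channel(doc.channel);
}

// Minimal stand-in for Sync Gateway: records what the sync function routed
// and granted, and turns throw({forbidden}) into a result field.
function runSync(doc, oldDoc, actorRoles) {
  const result = { channels: [], grants: {}, forbidden: null };
  const sg = {
    channel: (c) => [].concat(c).forEach((x) => { if (!result.channels.includes(x)) result.channels.push(x); }),
    access: (user, chans) => { result.grants[user] = [].concat(chans); },
    requireRole: (role) => { if (!actorRoles.includes(role)) throw { forbidden: 'requires role ' + role }; },
  };
  try { syncFunction(doc, oldDoc, sg); }
  catch (e) { if (e && e.forbidden) result.forbidden = e.forbidden; else throw e; }
  return result;
}

// Step 3, run by whoever administers profiles. removed_channels accumulates
// rather than being pruned (the second complication); a channel that is
// granted again is taken back out so the client does not purge documents it
// is about to receive again.
function updateProfile(profile, add, remove) {
  const active = profile.active_channels.filter((c) => !remove.includes(c));
  for (const c of add) if (!active.includes(c)) active.push(c);
  const removed = profile.removed_channels.filter((c) => !add.includes(c));
  for (const c of remove) if (!add.includes(c) && !removed.includes(c)) removed.push(c);
  return { ...profile, active_channels: active, removed_channels: removed };
}

// --- Client side (step 5, first complication) --------------------------------
// On a replicated user_profile update, select every local document whose
// channel is in removed_channels; the ids are what you hand to Couchbase
// Lite's purge. The selection is idempotent, so re-running it on a profile the
// client already processed purges nothing, which is what makes an unpruned
// removed_channels list safe.
function docsToPurge(profile, localDocs) {
  const gone = new Set(profile.removed_channels);
  return localDocs.filter((d) => gone.has(d.channel)).map((d) => d._id);
}

function applyPurge(profile, localDocs) {
  const purged = docsToPurge(profile, localDocs);
  return { purged, remaining: localDocs.filter((d) => !purged.includes(d._id)) };
}

// Grant, revoke, purge, re-run and re-grant on constructed sample data.
function demo() {
  const admin = ['profile_admin'];
  const v1 = { _id: 'user_profile:alice', type: 'user_profile', user_id: 'alice',
               active_channels: ['projA', 'projB'], removed_channels: [] };
  const local = [{ _id: 'a1', channel: 'projA' }, { _id: 'a2', channel: 'projA' },
                 { _id: 'b1', channel: 'projB' }];
  const v2 = updateProfile(v1, [], ['projA']);      // revoke projA
  const first = applyPurge(v2, local);              // client purges a1, a2
  const second = applyPurge(v2, first.remaining);   // re-run: nothing left to purge
  const v3 = updateProfile(v2, ['projA'], []);      // re-grant projA
  return {
    grantV1: runSync(v1, null, admin).grants.alice,
    grantV2: runSync(v2, v1, admin).grants.alice,
    purgedFirst: first.purged,
    purgedSecond: second.purged,
    v3Removed: v3.removed_channels,
    selfGrant: runSync(v1, null, []).forbidden,      // non-admin profile write rejected
    noChannel: runSync({ _id: 'x' }, null, []).forbidden,
    routed: runSync({ _id: 'a1', channel: 'projA' }, null, []).channels,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The harness only models the parts of Sync Gateway the approach depends on (routing, grants, role checks); on a real deployment the client would replace `applyPurge` with the Couchbase Lite purge call for its platform and keep the profile-update handler idempotent exactly as shown, since the server cannot tell when a given client last processed the profile.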