I am using an email confirmation system to check everyone’s user email. However, once their email is confirmed, I need to inject a piece of data into a document, and running this document through the sync function will give the proper permissions to the correct user, as updated by their verification that they own this email address. However, I can’t seam to find a way to edit the needed document using the Admin Sync API; using the public API would mean that I have to create a sort of backdoor master user that can edit all documents, which I would like to avoid. Editing the document on the server directly would not run it through the sync function, and is generally not suggested. Any ideas?
Thank you for your time.
I saw in http://blog.couchbase.com/2016/january/how-to-authorize-users-in-sync-gateway that creating this backdoor user would be relatively simple, but is this a security risk because gaining access to that one user account would allow someone to access all data? Can I restrict access to this user to only localhost?