Grant access at different doc modifying channel dinamically

g.andrea · March 22, 2017, 7:12pm

I report here what i have reported in a wrong place:

@ajres suggest to me to look at access() function.

Well i read it but i don’t understand something.

If i have an user X with no channel, he can’t see nothing. OK. On db there are already 3 docs saved.

A {_id: A, type: a} B {_id: B, rel: A, type: b} C {_id: C, rel: A, type: b}.

CSG is:

if(doc.type == a) {
  access(member,doc._id);
  channel(doc._id)
}

if(doc.type == b){
  channel(doc.rel)
}

When user Y(admin) save the doc A {member:[X], _id: A, type: a}

What X will see on his client?

A
A B C

If the answer is (1) this is the problem and access() func doesn’t help me.

if the answer is (2). Nice, it’s what i need. I will test it.

atom_yang · March 23, 2017, 1:22am

should be

if(doc.type == a) {
  access(doc.member,doc._id);
  channel(doc._id)
}

if(doc.type == b){
  channel(doc.rel)
}

and then,X will grants access to channel “A” by

if(doc.type == a) {  
  access(doc.member,doc._id);

And doc A,B,C will be routed to channel “A” by

if(doc.type == a) {
  channel(doc._id)
}

and

if(doc.type == b){
  channel(doc.rel)
}

so, the answer is (2).

g.andrea · March 24, 2017, 11:55am

When we set a new members X to doc A, we need X can immediately access A and all related documents (B and C) without save them.

Instead, in our test on access method, X cannot access B and C, until we clear indexdb data and get all docs again.

atom_yang · March 24, 2017, 12:33pm

what do you mean without save them?

atom_yang · March 24, 2017, 1:23pm

here is a example:
sync_gateway.json

{
  "log": ["*"],
  "databases": {
    "db": {
      "server": "walrus:",
      "users": {
           "GUEST": { "disabled": false, "admin_channels": ["*"] },
           "X": {"password": "foo"},
           "Y": {"password": "foo"},
           "Z": {"password": "foo"}
      },
      "sync":
        `
      function(doc, oldDoc) {
        if(doc.type == "a") {
          access(doc.member,doc._id)
          channel(doc._id)
        }

        if(doc.type == "b"){
          channel(doc.rel)
        }
        }
    `
    }
  }
}

then init 3 doc by

curl -X PUT -H "Content-Type:application/json" http://Y:foo@127.0.0.1:4984/db/A --data '{"type":"a"}'
curl -X PUT -H "Content-Type:application/json" http://Y:foo@127.0.0.1:4984/db/B --data '{"type":"b","rel":"A"}'
curl -X PUT -H "Content-Type:application/json" http://Y:foo@127.0.0.1:4984/db/C --data '{"type":"b","rel":"A"}'

now, there is no member in doc A,so no user can access doc A,B,C.
notice:now doc A,B C are all in channel "A"
then change doc A by

curl -X PUT -H "Content-Type:application/json" http://Y:foo@127.0.0.1:4984/db/A?rev=1-0c09858dd0110e048def165faff933f7 --data '{"type":"a","member":["X"]}'

now X will be assign channel “A”, so X will be able to access doc A,B,C
you can check by

curl -X GET -H "Content-Type:application/json" http://X:foo@127.0.0.1:4984/db/A
curl -X GET -H "Content-Type:application/json" http://X:foo@127.0.0.1:4984/db/B
curl -X GET -H "Content-Type:application/json" http://X:foo@127.0.0.1:4984/db/C

g.andrea · March 24, 2017, 1:39pm

Thanks for the example.

curl -X PUT -H “Content-Type:application/json” http://Y:foo@127.0.0.1:4984/db/A?rev=1-0c09858dd0110e048def165faff933f7 --data ‘{“type”:“a”,“member”:[“X”]}’

But only A arrive to X with a change event. X must ask directly for B, C to have this documents.

Instead what i aspect is that when a user can access to a new channel all documents on this channel will be “signaled” to X.

atom_yang · March 24, 2017, 1:54pm

I think you are looking for_changes API

now you can try to get changed doc by

curl -X GET -H "Content-Type:application/json" "http://X:foo@127.0.0.1:4984/db/_changes?limit=50&feed=normal&include_docs=true"

you will get all docs that are assigned to X like

{"results":[
{"seq":2,"id":"_user/X","changes":[]}
,{"seq":"8:6","id":"B","doc":{"_id":"B","_rev":"1-332e6281994d37dc469a0139408cfdd0","rel":"A","type":"b"},"changes":[{"rev":"1-332e6281994d37dc469a0139408cfdd0"}]}
,{"seq":"8:7","id":"C","doc":{"_id":"C","_rev":"1-332e6281994d37dc469a0139408cfdd0","rel":"A","type":"b"},"changes":[{"rev":"1-332e6281994d37dc469a0139408cfdd0"}]}
,{"seq":8,"id":"A","doc":{"_id":"A","_rev":"2-14a617c6aa458707e29374373331b4a9","member":["X"],"type":"a"},"changes":[{"rev":"2-14a617c6aa458707e29374373331b4a9"}]}
],
"last_seq":"8"}

g.andrea · March 24, 2017, 6:28pm

I’m using pouchdb and i listening .on(‘change’,{live:true…}). The application listen A doc but not B and C. If X download every docs again, cleanig local db, X see B and C like aspected.

Some log:

2017-03-24T18:25:43.992+01:00 HTTP:  #76232: PUT /vm1/_local/ngoiRgHyl_y.zHVTH1_OUw==  (as Y)
2017-03-24T18:25:44.084+01:00 Access: Computed channels for "Y": !:1,INT.2016B2747:871081,TEC.00019:6
2017-03-24T18:25:44.085+01:00 Changes+: New channels found after user reload: {INT.2016B2747}
2017-03-24T18:25:44.167+01:00 Changes+: [changesFeed] Found 3 changes for channel INT.2016B2747
2017-03-24T18:25:44.179+01:00 Changes+: MultiChangesFeed sending {Seq:871081:27487, ID:f20d181f-3873-4e83-b58a-52b142a0553f, Changes:[map[rev:1-459cf9106bbf87172a5108c4b73e26be]]}   (to Y)

This id f20d181f-3873-4e83-b58a-52b142a0553f is the id of the document that i don’t see on client.

Is there any other log that i can see to be sure that CSG work well?

atom_yang · March 24, 2017, 11:04pm

because only doc A is changed,doc B and doc C is not changed ,and doc B and doc C is on the local db.

I am confused that what do you want. is this you want

curl -X GET -H "Content-Type:application/json" "http://X:foo@127.0.0.1:4984/db/_changes?feed=normal&include_docs=true&filter=sync_gateway/bychannel&channels=A"

it will return all docs that was assigned to channel “A”.

atom_yang · March 26, 2017, 10:33am

this might helps. FYI