N1QL query & users in Sync Gateway


#1

I create a user using the sync gateway Admin API and i’m able to search for documents by ID but there is no way to search document by N1QL.

Then I realized that i can use “http://:8093/query/service” to make a N1QL query but when I try to do that with a user session that i’ve obtained from sync gateway it tells me “User does not have credentials to run SELECT queries on the bucket”

I was also confused that when I create a user in sync gateway…it doesn’t appear in the couchbase server under Security > Users.

My question are as follows:

  1. How come i can’t make N1QL query through sync gateway API
  2. How come there a 2 sets of users… one for sync gateway and one for couchbase server
  3. How do I allow a sync gateway user to make N1QL queries and only receive documents they are allowed to view based on sync gateway roles and channels

Thanks!


#2

which version of SG do you use?

yes, the SG user and the CB user is different.
when you created user by SG Admin API with <user_id>, the SG user document is created in CB bucket start with “_sync:user:<user_id>” before you enable XATTR in SG.
so you can query user with “_sync:user:<user_id>” by N1QL;

I think you can not make N1QL queries and only receive documents they are allowed to view based on sync gateway roles and channels.
you can use view of SG to receive documents they are allowed to view based on sync gateway roles and channels.


#3

Hi… thanks for the reply.

I"m using sync-gateway:2.0.0 and Couchbase-server:5.5.0-beta

What i’m hoping to do is retrieve documents a particular user is allowed to view but I don’t want all. Based on what you mentioned, it is possible to get all the documents a user is allowed to view but what if that list is long. How would one be able to filter that list with a query to retrieve only what is relevant at the time.

Can you also point me to where I can read more about getting all the document a user can view. I tried a GET request to “https://:4984//_all_docs” and included the Header: “Cookie: SyncGatewaySession=” but the list comes back empty even though i previously created a document, added it to a channel called “test” and when I created the user via SG I gave that user permission to view the channel called “test”


#4

you can retrieve document by user or by channel via SG REST API
https://developer.couchbase.com/documentation/mobile/2.0/references/sync-gateway/rest-api/index.html#/database/post__db___changes
FYI