Public access to channels


#1

Copied from https://github.com/couchbase/sync_gateway/issues/1571

Below is my sync gateway function, i want to allow some documents (which has type=“public_access”) to replicate to all users, How do i do that? I added channel as public for those documents, but it does not work.

{
    "interface": ":4984",
    "adminInterface": ":4985",
    "log": ["CRUD",  "HTTP",  "Access", "Cache", "Shadow", "Changes"],
    "databases": {
        "todo_sync" : {
            "server": "http://127.0.0.1:8091",
            "import_docs": true,
            "users": {        
                "users": { "GUEST": { "disabled": false, "admin_channels": ["*"] } },
            },
            "sync": `
                function(doc) { 
                    if(doc.type == "gift_issuers") { 
                        channel("public"); 
                    }

                }`,
            "shadow": {
                 "server": "http://127.0.0.1:8091",
                 "bucket": "todo_server"
            }
        }
    } 
}

#2

You’ve got two options in this scenario:

  1. Grant all users access to your “public” channel. This could be done either via the Admin REST API, or by an access grant in your sync function.
  2. Use Sync Gateway’s built-in public channel “!”. Channeling documents to the “!” channel will make them accessible to all users without any additional security required for those users.

#3

Hi Thanks for Reply

My sync gateway File is

{
“log”: [“CRUD”, “REST+”, “Access”],
“databases”: {
“testdemo”: {
“server”: “http://ravideveloper:8091/”,
“users”: {
“ravi”: {
“disabled” : false,
“password”: “ravi@123”,
“admin_channels”:["*"]
}
},
“sync”: function(doc, oldDoc) { // NOTE this function is the same across the iOS, Android, and PhoneGap versions. if (doc.type == "task") { if (!doc.list_id) { throw({forbidden : "items must have a list_id"}) } channel("task-"+doc.list_id); } else if (doc.type == "list") { channel("list-"+doc._id); if (!doc.owner) { throw({forbidden : "list must have an owner"}) } if (oldDoc) { var oldOwnerName = oldDoc.owner.substring(oldDoc.owner.indexOf(":")+1); requireUser(oldOwnerName) } var ownerName = doc.owner.substring(doc.owner.indexOf(":")+1); access(ownerName, "list-"+doc._id); } }
}
}
}


#4

@ravisharma99885 Is this related to the previous question? I don’t see any attempts to use public channels in that config.


#5

I will try the public channel and let you know.


#6

Hi Adamf ,

I try the public channel but it give me the** same error**.


#7

How can we have a plain text password in the config file? Is that not a security issue?


#8

@preethi.minti The usual approach is to create users through the admin REST API.


#9

@ravisharma99885 Were you able to get your situation resolved?


#10

Is there an example that you can point me to? Everywhere I see users being configured in the json file that is used to start sync gateway.

If we have an external custom authentication, the same user needs to be created in syncgateway in order to access the CouchbaseServer correct?


#11

@preethi.minti Here’s the documentation for the user-related REST API:
http://developer.couchbase.com/documentation/mobile/1.2/develop/references/sync-gateway/admin-rest-api/user-admin/index.html

For custom authentication, you’re correct. The usual process is to have your custom auth service attempt to create a session for the user via the REST API, and if that fails, go back and create the user via the REST API. Some additional notes here:
http://developer.couchbase.com/documentation/mobile/1.2/develop/guides/sync-gateway/administering-sync-gateway/authenticating-users/index.html