requireAccess() doesn't work?


#1

Here mine CSG conf:

    "vm3" : {
        "server": "http://127.0.0.1:8091",
        "bucket":"vm3",
        "revs_limit": 5,
        ...
        "sync":`function(doc, oldDoc){
            var chan=null;

            if (doc.type=='fruit') {
                chan = doc._id.replace(/:/g, '');
            } 

            requireAccess(chan);
            access(doc.members,chan);
            channel(chan);
        }`
    }

I have 2 type of user:

  • admin(A) with channel ["*"]
  • other(O) with channel []

When A save a doc, he puts on doc.member the name of a user:

{
   doc._id : 1
   doc._rev: 1
   doc.member : ["user1"]
   doc.type : "fruit"
}

When A save again the doc 1 removing the member:

{
   doc._id : 1
   doc._rev: 2
   doc.member : []
   doc.type : "fruit"
}

user1 doesn’t get the any changes but on his client he still to see the first doc(rev1). Until Here everythings works fine.

But when user1 retry to save the doc1 whit rev1 he doesn’t get 403 like aspected from requireAccess(chan) validation.

Where is my fault?

Is it possible to use console.log() on CSG conf. How i can setup the log section?

On the documentation page i read about requireChannels() function but it doesn’t exist.


#2

you can set

"log": ["*"],

and then you can use
console.log

for debug.

if you are using SG 1.4+ you can also use console.debug by set log rotation


#3

thanks for that… the other question?


#4

I think requireChannels is means requireAccess


#5

yes i think too, but i think they must fix their documentation. the problem is the first question.


#6

yes, may be @adamf can offering help.


#7

@g.andrea

I have created a ticket to track the docs issue.

In your scenario, make sure your clients are using the Sync Gateway public REST API on port 4984 and not the Admin port 4985.

If you use the admin port the requireAccess() call will always return true.


#8

Thanks @andy

i’m sure that i use the admin port throught nodejs server, so probably this is mine the problem. Can i ask you where i can found on the documentation what you write me? is there other differents between function that i can use with admin and public port?


#9

Hi @g.andrea,

The differences are going to be around the REST API exposed, and privileges to do things. You can think of the sync function executed due to requests via the admin port as having superuser privileges. I don’t think this is broken down by function anywhere.