Revoking access to a channel

I have some “access control” docs like this:
{"username": "some_user", "channel_assignments": ["channel1", "channel2"]}.
I use access(doc.username, doc.channel_assignments) to assign channels to users in the sync function.

This works fine at first - the client app replicates the DB (using CouchDB lite) and loads only docs from the assigned channels.

However, removing a channel from channel_assignments does not work as expected, as the docs in the channel that was removed remain on the client. Any idea what’s going on? If I delete the DB and replicate from scratch, only the expected docs end up on the client.

Am I doing this wrong? How can I get the replication to remove documents for which access was revoked?

The behavior you are seeing is expected by current design. If a user loses access to a channel, the documents that were previously synced down by the user will not be removed from the client device.
This is a product enhancement that is on our radar.

Your options for now

  1. See if you can rearchitect your solution so instead of user losing access to channel, you have the documents removed from user’s channel - because in that case, that will trigger an auto purge
  2. One of the workarounds described here https://github.com/couchbase/sync_gateway/issues/264

Thank you for the quick answer! I’m still quite new to CouchDB; sorry I wasn’t able to find that github issue myself.

I think I’ve now basically built workaround #1 from the github topic: I wrote a query on the client that finds all docs the user no longer has access to, and purges those on the client-side. It seems to work nicely so far.

Great to know that worked!

How were you able to remove the channel from channel_assignment ? I’m trying to do the same through the sync function but am not able to. Can you please share how you were able to do it?

I answered in the new thread you created.