Hey Jakob, First of all thanks a ton for this extremely detailed outline and your help. It helped me a lot to understand where the weaknesses of SG are and that we are not alone. We initially thought that it must be us not understanding the concept but it seems that it is a much bigger issue for lots of people.
But why is that? I would think granting access is pretty much the basis for any production deployment and fine grained access control is a must. For example it would be relatively easy to accomplish our task if we would have the ability to update documents referenced from another document change. Meaning if project document gets updated, the sync function could gather all profile files with a reference to this project document and update the channel permissions. If course that would require features such as cross document reference and removal of channel access. As for now you approach seems very holistic but it naturally is relatively complex. Looking at our challenges, we could get away with the fact that documents don't get removed from the local database once access is removed, a feature I am hoping will make it into the CB product soon. So what about this slightly confusing but straight forward idea: 1. User A joins project Z 2. Project Z grants channel access to user A 3. User A determines what projects he/she has access to during runtime 4. Maintains an array of projects in userProfile.memberships which grants access to project channel Once the user gets removed from project A, the item in memberships get removed as well, revoking access to the user profile. Of course the elephant in the room is the fact that access removal is based on the runtime of the user but ultimately it only affects the user profile of that user meaning this user never logs in again people still have access to his profile information but then he couldn't update information as well... Not pretty, in fact pretty nasty, but it works... Thanks Christoph On Thursday, April 2, 2015 at 11:46:24 AM UTC-7, Christoph Berlin wrote: > > Hi everyone, > > we are struggling a bit a little bit with finding a suitable channel > structure for our project. Here are the requirements: > > 1) Each user has a profile document (first name, last name, user ID, etc.) > Those profile documents are initially accessible by the owner only > 2) A user can create a project (represented by a project document that has > a name, members, etc.) > 3) The owner of the document can invite other users to join the project, > in this case the members of the projects get added to the project channel > > So that works, the users have access to the project file but how would we > enable access to each user profile document so that users can see each > other's information? It seems easy but its not (for us at least)... > > Another way to look at it, is the couchbase labs chat app. Instead of > having all profile be accessible by everyone, how could we limit exposure > by adding the chat profiles into a channel. New members would have to be > added via email address... > > Attempts: > 1) We initially thought that we add those profile documents to the project > channel but that doesn't work because the profile document is not aware of > all the projects the owner has access. The project file has a member array > but the profile documents don't. We could maintain a manual configuration > within the profile document (for example memberships) but that seems kind > of backwards and hard to maintain. > > 2) Another idea was to have the sync function take care of it but that > doesn't work because the sync function works on a document basis - meaning > only when a document changes it triggers a change. We cannot update a > different document than the one who triggered the change. > > 3) Being tired of it we thought about just ignoring the fact of protecting > the profile account and making them public but then they all get synced to > each device...and that doesn't seem to make sense as well if you have a > million profiles... > > Does anyone have any ideas how to accomplish this? Any pointer is much > appreciated it. > Christoph > > Again: > > > Project document -> creates project channel with members being able to > access > Profile documents -> profile channel with owner access > > How to enable sync for all profile documents of the members in the project. > > > -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/d39c55f4-bd63-4190-a1db-de08cf11767e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
