Usage of requireAccess() / Remove access for a channel for a specific user

Mobile
1

Hi everyone,

I have a question concerning the sync function. In my use case, I would like to create a channel(doc.id) and grant access to the user. Furthermore, I have a list doc.shareWithUsers where different users can be listed. Each listed user shall get access to the channel by access(doc.shareWithUsers[i].userID, doc.id). In this way, I can share a list with defined users.

My issue arises with the usage of requireAccess(doc.id).

Here is my complete function:

function (doc, oldDoc, meta) {

  if (doc.owner) {
    channel(doc.id);
    access(doc.owner, doc.id);
  }

  if (doc.shareWithUsers) {
    for (var i = 0; i < doc.shareWithUsers.length; i++) {
      access(doc.shareWithUsers[i].userID, doc.id);
    }
  }

  if(oldDoc){requireAccess(oldDoc.id);}
}

The code works fine without if(oldDoc){requireAccess(oldDoc.id);}. However, with it, I encounter the following issue: If I remove one user from doc.shareWithUsers, the related data are not removed from the related client where the user is logged in. The data remains available, but the synchronization is not maintained.

My question is, why is the data not automatically removed in the described case?

2

Since requireAccess() applies write security, it sounds like your intended update to the document (to remove a user from doc.shareWithUsers) is failing because the user attempting to make the update doesn’t have access to channel oldDoc.id.

4

It seems that the client cannot remove the data set from itself anymore, as it no longer has permission to access the channel. Below is the log from the client that is supposed to remove the data set from the local database:

flutter: 15:34:13.119030| [Sync] info: CBLReplicator status: busy, progress=8/148, flag=2, error=0/0 (effective status=busy, completed=0.05%, docs=0)
flutter: Replicator error: null
	Error-Domain: HTTP
	Error-Code: 403 }
flutter: 15:34:13.123806| [Sync] error: {Pusher#77} Got transient error response to rev '5abe7520-6f42-11ee-85c5-8bcc5786eec0' #16-85239bf73734b48e81397fdf05c1bdce0a383b59 (seq #357): HTTP 403 'sg missing channel access'
	Error-Domain: HTTP
	Error-Code: 403 }
flutter: 15:34:13.127366| [Sync] error: {Pusher#77} Got error response to rev '5abe7520-6f42-11ee-85c5-8bcc5786eec0' #16-85239bf73734b48e81397fdf05c1bdce0a383b59 (seq #357): HTTP 403 'sg missing channel access'

The fact that the client no longer has access to the channel seems to be correct behavior. However, how can I address this issue and remove the data set from the client in this scenario (automatically)?

5

When you say “remove the data set”, I assume you’re only talking about a single document (as your sync function only assigns documents to channel(doc.id)).

If I’m understanding your description properly, one of the users in the doc.shareWithUsers list is attempting to update the document to remove themselves from doc.shareWithUsers, and so revoke their own access to the document, and this is failing because they already have had their access revoked.

I agree this should work - it seems most likely that the document has already been modified on the server to remove their access. Have you tried reviewing the version of the document on the server to identify whether it’s current still granting the user access to the document?

6

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.