Skip to content

adapt replication-backend to give access only to own user's notifications_xxx DB #172

New issue
New issue
Open
Open
adapt replication-backend to give access only to own user's notifications_xxx DB#172
Labels
Status: Complex Issueadvanced, particularly challenging topic that requires extensive knowledge of the code base
@sleidig

Description

@sleidig
sleidig
opened on Jan 28, 2025
  • Check and possible adapt the Permission system in the replication-backend as we introduce additional databases (notifications-<USER_ID>). Do the endpoints still function as expected?
  • Adapt the permission system to grant/deny access to a whole user-specific database:
    • e.g. by default a user should always access the CouchDBs for that account (notifications-<MY_USER_ID>) but never those of other accounts (notifications-<OTHER_USER_ID>).
    • an explicit permission for the NotificationEvent entity type shouldn't be required in Config:Permissions (because the access is handled by splitting it into the user-specific couchdb)
    • How do we encode or hard-code these rules?
    • Implement the additional checks

Metadata

Metadata

Assignees

No one assigned

    Labels

    Status: Complex Issueadvanced, particularly challenging topic that requires extensive knowledge of the code base

    Type

    No type

    Projects

    All Tasks & Issues

    Status

    Todo (ready for work)

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions