I am using Couchbase's Sync Gateway and want to restrict the access to the documents. Furthermore, the individual restriction for each document should take into account what is currently happening: The document is just being read or it is either being created or changed in some way. To this end, I can use oldDoc and deleted:
deleted : true
deleted : true
Basically, "CUD" is documented. What I have not found out so far is how I restrict the Read access to the documents.
E.g. there may be an admin user who is allowed to create, update and delete a specific type of document (and of course see it). A normal user on the other hand would only be allowed to see this document but could neither create nor update / delete it.
I think this is a good use case for using the role API available in the sync function.
For example, the admin user would have the admin role. You can assign a role to a user with the role function.
Then both the normal and admin user have access to the channel containing the document.
And use the requireRole function to check the user has the admin role to allow the CUD operations.
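A sketch of the sync function this answer describes, added here as an example and not taken from the original post. The document type "announcement", the channel "announcements" and the Node stand-ins for requireRole() and channel() are assumptions; it also assumes both kinds of user have been granted the channel so they can read.

```javascript
// Node stand-ins for the Sync Gateway built-ins requireRole() and channel().
// Inside Sync Gateway the runtime provides them; only sync() goes in the config.
let currentRoles = [];
let routed = [];
function requireRole(role) {
  if (!currentRoles.includes(role)) throw { forbidden: "missing role " + role };
}
function channel(name) { routed.push(name); }

const GUARDED_TYPE = "announcement";   // assumed document type
const READ_CHANNEL = "announcements";  // assumed channel both user kinds can read

function sync(doc, oldDoc) {
  // A delete arrives as a tombstone (doc._deleted), so the type must also be
  // read from oldDoc; checking both stops an update from changing the type
  // of a guarded document to slip past the rule.
  const guarded = doc.type === GUARDED_TYPE ||
                  (oldDoc && oldDoc.type === GUARDED_TYPE);
  if (guarded) {
    // The sync function runs on writes only, so this covers create,
    // update and delete. Reads are never evaluated here.
    requireRole("admin");
  }
  // Read access is decided by channel membership, not by the sync function.
  if (!doc._deleted && doc.type === GUARDED_TYPE) channel(READ_CHANNEL);
}

// Constructed harness: run one write as a user holding the given roles.
function attempt(roles, doc, oldDoc = null) {
  currentRoles = roles;
  routed = [];
  try {
    sync(doc, oldDoc);
    return { ok: true, channels: routed };
  } catch (e) {
    return { ok: false, reason: e.forbidden };
  }
}

const stored = { type: "announcement", text: "v1" }; // constructed sample document
console.log(attempt(["admin"], stored));                       // create as admin
console.log(attempt([], { type: "announcement", text: "x" })); // create as normal user
console.log(attempt([], { _deleted: true }, stored));          // delete as normal user
console.log(attempt([], { type: "note" }, stored));            // retype as normal user
```

Because the check is tied to the write path, a normal user who holds the channel can still pull the document, while every create, update or delete of that type is rejected unless the writer has the admin role.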