How to show and replicate documents for certain users and roles only?

Question

I'm building a collaboration app with couchdb and pouchdb.

I want to implement a calendar feature.

Let's say there is an event like "secret meeting" that involves the users Jessica and James, so the event should have read, update and replicate capabilities only for Jessica and James. Or, let's say, I have an event like "general meeting" that should have read, edit and replicate capabilities only for all current (and FUTURE!) users having the role "office".

I know that there is no per-document-access control in couchdb. I also read about using "proxy servers" but I don't understand how they work.

I read a lot about using "one document per user". How do I keep the documents in-sync in each database, then? I could make a DATABASE for each event, but how do I query for views showing all my events? Do I also have to keep a database-per-role?

This is the most normal use case every web app nowadays has! Think Facebook, think Whatsapp, every chat app.

How should you use CouchDB if you can't limit the access to certain documents?

Answer 1

I ended up developing a PROXY server for my databases which sits in front of my main databases and filters the data. It has its own port and queries Couchdb on port 5984 for permissions. I used nodejs and the Nano couchDB adapter for that.

Answer 2

Yes, you should have a database per user, you will use filtered replication to place into each database all the event documents related to that user or the roles that user belongs to, then you will replicate that entire DB down to the user's PouchDB.