Couchdb / Pouchdb Relation between multiple users and multiple documents

2
votes

I have a problematic here: I'm builing a mobile app with ionic frmaework who needs to be able to work offline.

I'd like to adopt the CouchDB / PouchDB solution. But to do that i need to know how to put my data in the noSQl datatbase (MySQL user before ...). So, nosql is new to me but it seems interesting.

So my app has a connection part so a user database. And each user has documents who are attached to him. But many users can have many documents (sharing documents). And I want to replicate the data of one user (so his information + his documents on the mobile app).

What I thought is this:

One database per. One database for all Document with a server filtering to send only the documents that belongs to the user.

And on the client side I'd juste have to call :

var localDB = new PouchDB("myuser");
var remoteDB = new PouchDB("http://128.199.48.178:5984/myuser");
  localDB.sync(remoteDB, {
    live: true
  });

And like that on the client side I'd have something like that : 

{
    username: "myuser",
    birthday : "Date",
    documents : [{
        "_id": "2",
        "szObject": "My Document",
    },
    {
        "_id": "85",
        "szObject": "My Document",
    }]
}

Do you think something like that is possible using Couchdb and pouchdb, and if yes, am I thinking about it the right way? I read it's not a problem to have one database per document, but I don't know if the replication will work like I imagine it

1
javascriptdatabasedatabase-designcouchdbpouchdb

1 Answers

2
votes

Plain CouchDB doesn't have any per-document access options, but these could be your solutions:

A. Create a View, then sync Pouch-To-Couch with a filter. But although this will only sync the documents that the user is supposed to see, anyone with enough knowledge could alter the code and view someone else's documents or just do anything with the database actually (probably not what you're looking for).

B. Create a master DB with all documents, then a database for each user, and a filtered replication between the master & per-user-dbs. Probably the simplest and most proper way to handle this.

C. Unfortunately there isn't a validate_doc_read (as there is a validate_doc_update) but perhaps you could make a simple HTTP proxy, which would parse out incoming JSON, check if a particular user can view it and if not, throw a 403 Forbidden. Well you'd also have to catch any views that query with include_docs=true.

(late reply, I hope it's still useful - or if not, that you found a good solution for your problem)