Details
-
Task
-
Resolution: Fixed
-
Major
-
None
-
Security Level: Public
-
None
-
CBG Sprint 108
-
3
Description
Currently before we send a revocation / removal message in 3.x we first check whether the user has access to that doc / revision through another grant. If they have access through another grant we won't send the revocation / removal.
At present there is a situation in which we could end up revoking rev 2 leaving channel A when the user has access to rev 3 through channel B. If there are multiple replications to one client, one running A and one running B we could end up getting into a race condition where the revocation will arrive last and purge the document from the device.
One possible solution is to ignore the revision and do a check to see if the user has access to the most recent version of the document.
A couple things to verify:
- This is only the case if CBL ignores the rev and deleted the document based on doc id - I assume this is the case.
- Explore any edge cases to ensure this wouldn't cause any adverse affects which would dimish security
- Would this be better suited for CBL or SGW (or both)
Attachments
Issue Links
- is cloned by
-
CBG-2467 [3.0.4 Backport] Update UserHasDocAccess to check most recent rather than rev
- Closed