Details
-
Improvement
-
Resolution: Fixed
-
Critical
-
None
-
Security Level: Public
-
None
Description
Currently before we send a revocation / removal message in 3.x we first check whether the user has access to that doc / revision through another grant. If they have access through another grant we won't send the revocation / removal.
At present there is a situation in which we could end up revoking rev 2 leaving channel A when the user has access to rev 3 through channel B. If there are multiple replications to one client, one running A and one running B we could end up getting into a race condition where the revocation will arrive last and purge the document from the device.
One possible solution is to ignore the revision and do a check to see if the user has access to the most recent version of the document.
A couple things to verify:
- This is only the case if CBL ignores the rev and deleted the document based on doc id - I assume this is the case.
- Explore any edge cases to ensure this wouldn't cause any adverse affects which would dimish security
- Would this be better suited for CBL or SGW (or both)
Attachments
Issue Links
- Clones
-
CBG-2277 Investigate updating UserHasDocAccess to check most recent rather than rev
-
- Closed
-