How to hide documents at the CouchDb?

Question

Is there any possibility at CouchDB or Cloudant to hide documents for users?

1. I have 2 Member roles roleA and roleB assigned to the users.
2. I have a database with 3 documents created by these users: docA, docB, docC

All these documents could be viewed by _all_docs view by default

I need to have a maintainable and scalable solution to hide documents.

For example:

a) Documents docA and docC should be available to view by users with roleA only

b) Documents docB and docC should be available to view by users with roleB only

c) Admins could see everything

I have reviewed an official documentation, best practices and other similar topics, but I can't find any scalable solution for this task

Answer 1

First of all in CouchDB, the _all_docs view is a built-in view that allows you to retrieve a list of all documents in a database. By default, any authenticated user with read access to the database can query the _all_docs view.

Also CouchDB doesn't inherently provide a feature for hiding documents, you can implement security measures to control access only for editing documents based on user roles and permissions using validate_doc_update function at the _design document

For example:

"validate_doc_update": "function (newDoc, oldDoc, userCtx, secObj) {
  if (userCtx.roles.indexOf('roleA') === -1) throw({
    forbidden: 'Only users with roleA can edit documents!'
  });
  return;
}"

One more poor situation is how to debug these functions in case we have more complex logic.