RethinkDB pub/sub ReqlPermissionError


I'm using Publish-Subscribe with RethinkDB.

For the exchange I use one db named 'RPi_messages' with three tables:

Connector_messages
MAC_messages
Orders

I want to introduce some basic authentication on producer and consumer sides like this:

r.db('rethinkdb').table('users').insert({id: 'lis', password: 'somepassword'})
r.db('rethinkdb').table('users').insert({id: 'rpi', password: 'someotherpassword'})
r.db('RPi_messages').grant('lis', {read: false, write: true, config: true}) //producer
r.db('RPi_messages').grant('rpi', {read: true, write: false, config: true}) //consumers

r.db('rethinkdb').table('permissions') shows this:

{
    "database": "RPi_messages",
    "id": [
        "lis",
        "007928e5-c654-4311-b3aa-a834c62dcf88"
    ],
    "permissions": {
        "config": true,
        "read": false,
        "write": true
    },
    "user": "lis"
}

Problem: when I try to publish or subscribe to the exchange, it throws an exception:

ReqlPermissionError: User `lis` does not have the required `config` permission in:
r.db_create('RPi_messages')
rethinkdb.errors.ReqlPermissionError: User `rpi` does not have the required `config` permission in:
r.db_create('RPi_messages')

Does this mean that my users need to have global permissions? Any help greatly appreciated.

Answer by D Kuzmanovic:

So, with a fair bit of trial and error I made it work. For anyone else: you need the config permission at global scope for every user in your pub-sub system, like this:

r.grant('lis', {read: false, write: false, config: true});
r.grant('rpi', {read: false, write: false, config: true});

...and the following permissions at table scope or, in my case, at database scope:

r.db('RPi_messages').grant('lis', {read: true, write: true, config: true}); //publisher
r.db('RPi_messages').grant('rpi', {read: true, write: false, config: true}); //subscriber

Correct me if I'm wrong, but this doesn't look very secure to me. Those permissions are needed because the Exchanger class in RethinkDB's pub-sub system checks whether the exchange table exists and creates one if it doesn't. This means that anyone who gets hold of one of your client subscriber devices can create as many tables in your db as they want.
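As an added illustration (not code from the question or the answer), the following Python script models RethinkDB's permission scoping to show why the question's database-scope grants fail at `db_create` while the answer's global `config` grant passes every step. It assumes the scoping rule from the RethinkDB docs (a permission set at a more specific scope, table over database over global, overrides a less specific one; unset means denied), and assumes the Exchanger's steps are db_create, table_create, then insert (publisher) or a changefeed read (subscriber); the permission rows are constructed to mirror the grants on this page.

```python
def effective(rows, user, perm, db=None, table=None):
    """Effective value of `perm` for `user` at the most specific scope given.

    Models RethinkDB's override rule (assumed from its docs). `rows` maps
    (user, scope) -> permission dict, where scope is () for global,
    (db,) for a database and (db, table) for a table.
    """
    scopes = [()]
    if db is not None:
        scopes.append((db,))
        if table is not None:
            scopes.append((db, table))
    value = False                      # set nowhere: denied by default
    for scope in scopes:               # least to most specific
        v = rows.get((user, scope), {}).get(perm)
        if v is not None:
            value = v                  # a more specific scope overrides
    return value

# Assumed order of Exchanger steps and the scope each one is checked at
# (the page's error messages show db_create is the first step).
DB, TABLE = "RPi_messages", "Orders"
STEPS = {
    "publisher":  [("db_create", "config", None, None),
                   ("table_create", "config", DB, None),
                   ("insert", "write", DB, TABLE)],
    "subscriber": [("db_create", "config", None, None),
                   ("table_create", "config", DB, None),
                   ("changes", "read", DB, TABLE)],
}

def denied_steps(rows, user, role):
    """Names of the Exchanger steps that `user` cannot perform as `role`."""
    return [op for op, perm, db, table in STEPS[role]
            if not effective(rows, user, perm, db, table)]

# Constructed rows mirroring the question's grants: database scope only.
QUESTION = {("lis", (DB,)): {"read": False, "write": True, "config": True},
            ("rpi", (DB,)): {"read": True, "write": False, "config": True}}
# Constructed rows mirroring the answer: global config plus db-scope rights.
ANSWER = {("lis", ()): {"read": False, "write": False, "config": True},
          ("rpi", ()): {"read": False, "write": False, "config": True},
          ("lis", (DB,)): {"read": True, "write": True, "config": True},
          ("rpi", (DB,)): {"read": True, "write": False, "config": True}}

if __name__ == "__main__":
    for name, rows in (("question", QUESTION), ("answer", ANSWER)):
        for user, role in (("lis", "publisher"), ("rpi", "subscriber")):
            print(name, user, role, "denied:", denied_steps(rows, user, role))
```

The same resolver also makes the answer's concern visible: with the answer's rows, `effective(ANSWER, "rpi", "config")` at global scope is true, so a subscriber credential carries the right to create or drop databases, not just the one exchange table.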