couchbase · torcolvin · May 21, 2024 · Jan 18, 2024 · Jan 18, 2024 · Jan 18, 2024
diff --git a/db/database.go b/db/database.go
@@ -2438,3 +2438,19 @@ func (dbc *DatabaseContext) InstallPrincipals(ctx context.Context, spec map[stri
 	}
 	return nil
 }
+
+// DataStoreNames returns the names of all datastores connected to this database
+func (db *Database) DataStoreNames() base.ScopeAndCollectionNames {
+	if db.Scopes == nil {
+		return base.ScopeAndCollectionNames{
+			base.DefaultScopeAndCollectionName(),
+		}
+	}
+	var names base.ScopeAndCollectionNames
+	for scopeName, scope := range db.Scopes {
+		for collectionName := range scope.Collections {
+			names = append(names, base.ScopeAndCollectionName{Scope: scopeName, Collection: collectionName})
+		}
+	}
+	return names
+}
diff --git a/docs/api/components/responses.yaml b/docs/api/components/responses.yaml
@@ -180,3 +180,9 @@ DB-config-precondition-failed:
       example:
         error: Precondition Failed
         reason: Provided If-Match header does not match current config version
+All_user_channels_response:
+  description: Map of all keyspaces to all channels that the user has access to.
+  content:
+    application/json:
+      schema:
+        $ref: ./schemas.yaml#/all_user_channels
diff --git a/docs/api/components/schemas.yaml b/docs/api/components/schemas.yaml
@@ -2512,3 +2512,28 @@ CollectionNames:
           - Starting
           - Stopping
           - Resyncing
+all_user_channels:
+  description: |-
+    All user channels split by how they were assigned to the user and by keyspace.
+  type: object
+  properties:
+    all_channels:
+      description: |-
+        All channels that the user has access to.
+      type: object
+      properties:
+        keyspace:
+          type: object
+          properties:
+            channel:
+              $ref: '#/channelEntry'
+channelEntry:
+  description: Channel name
+  type: object
+  properties:
+    entries:
+      type: array
+      description: Start sequence to end sequence. If the channel is currently granted, the end sequence will be zero.
+    updated_at:
+      type: integer
+      description: Unix timestamp of last update
diff --git a/docs/api/diagnostic.yaml b/docs/api/diagnostic.yaml
@@ -36,6 +36,8 @@ paths:
     $ref: './paths/diagnostic/keyspace-sync.yaml'
   '/{keyspace}/import_filter':
     $ref: './paths/diagnostic/keyspace-import_filter.yaml'
+  '/{db}/_user/{name}/all_channels':
+    $ref: './paths/diagnostic/db-_user-name-_all_channels.yaml'
 externalDocs:
   description: Sync Gateway Quickstart | Couchbase Docs
   url: 'https://docs.couchbase.com/sync-gateway/current/index.html'
diff --git a/docs/api/paths/diagnostic/db-_user-name-_all_channels.yaml b/docs/api/paths/diagnostic/db-_user-name-_all_channels.yaml
@@ -0,0 +1,28 @@
+# Copyright 2022-Present Couchbase, Inc.
+#
+# Use of this software is governed by the Business Source License included
+# in the file licenses/BSL-Couchbase.txt.  As of the Change Date specified
+# in that file, in accordance with the Business Source License, use of this
+# software will be governed by the Apache License, Version 2.0, included in
+# the file licenses/APL2.txt.
+parameters:
+  - $ref: ../../components/parameters.yaml#/db
+  - $ref: ../../components/parameters.yaml#/user-name
+get:
+  summary: Get all channels for a user
+  description: |-
+    Retrieve all channels that a user has access to.
+
+    Required Sync Gateway RBAC roles:
+
+    * Sync Gateway Architect
+    * Sync Gateway Application
+    * Sync Gateway Application Read Only
+  responses:
+    '200':
+      $ref: ../../components/responses.yaml#/All_user_channels_response
+    '404':
+      $ref: ../../components/responses.yaml#/Not-found
+  tags:
+    - Database Security
+  operationId: get_db-_user-name_-all_channels
diff --git a/rest/diagnostic_api.go b/rest/diagnostic_api.go
@@ -0,0 +1,76 @@
+//  Copyright 2013-Present Couchbase, Inc.
+//
+//  Use of this software is governed by the Business Source License included
+//  in the file licenses/BSL-Couchbase.txt.  As of the Change Date specified
+//  in that file, in accordance with the Business Source License, use of this
+//  software will be governed by the Apache License, Version 2.0, included in
+//  the file licenses/APL2.txt.
+
+package rest
+
+import (
+	"fmt"
+
+	"github.com/couchbase/sync_gateway/auth"
+	"github.com/couchbase/sync_gateway/base"
+	channels "github.com/couchbase/sync_gateway/channels"
+	"github.com/gorilla/mux"
+)
+
+type allChannels struct {
+	Channels map[string]map[string]channelHistory `json:"all_channels,omitempty"`
+}
+type channelHistory struct {
+	Entries []auth.GrantHistorySequencePair `json:"entries"` // Entry for a specific grant period
+}
+
+func (h *handler) handleGetAllChannels() error {
+	h.assertAdminOnly()
+	user, err := h.db.Authenticator(h.ctx()).GetUser(internalUserName(mux.Vars(h.rq)["name"]))
+	if err != nil {
+		return fmt.Errorf("could not get user %s: %w", user.Name(), err)
+	}
+	if user == nil {
+		return kNotFoundError
+	}
+
+	resp := make(map[string]map[string]channelHistory)
+
+	// handles deleted collections, default/ single named collection
+	for _, dsName := range h.db.DataStoreNames() {
+		keyspace := dsName.ScopeName() + "." + dsName.CollectionName()
+
+		currentChannels := user.InheritedCollectionChannels(dsName.ScopeName(), dsName.CollectionName())
+		chanHistory := user.CollectionChannelHistory(dsName.ScopeName(), dsName.CollectionName())
+		// If no channels aside from public and no channels in history, don't make a key for this keyspace
+		if len(currentChannels) == 1 && len(chanHistory) == 0 {
+			continue
+		}
+		resp[keyspace] = make(map[string]channelHistory)
+		for chanName, chanEntry := range currentChannels {
+			if chanName == channels.DocumentStarChannel {
+				continue
+			}
+			resp[keyspace][chanName] = channelHistory{Entries: []auth.GrantHistorySequencePair{{StartSeq: chanEntry.Sequence, EndSeq: 0}}}
+		}
+		for chanName, chanEntry := range chanHistory {
+			chanHistoryEntry := channelHistory{Entries: chanEntry.Entries}
+			// if channel is also in history, append current entry to history entries
+			if _, chanCurrentlyAssigned := resp[keyspace][chanName]; chanCurrentlyAssigned {
+				var newEntries []auth.GrantHistorySequencePair
+				newEntries = append(chanEntry.Entries, resp[keyspace][chanName].Entries...)
+				chanHistoryEntry.Entries = newEntries
+			}
+			resp[keyspace][chanName] = chanHistoryEntry
+		}
+
+	}
+	allChannels := allChannels{Channels: resp}
+
+	bytes, err := base.JSONMarshal(allChannels)
+	if err != nil {
+		return err
+	}
+	h.writeRawJSON(bytes)
+	return err
+}