If a user tries to push an attachment to a document they don't have read access for, they get the error message:
user defined top level properties beginning with '_' are not allowed in document body
This is a result of the attempted retrieval of the original revision coming back with the _removed property (due to failed access).
The main issue is that the attachment convenience APIs are doing a read-then-write on the Sync Gateway side, and are doing a few things that aren't the same as the usual docs flow.
I'm on the fence about whether we should allow users to push attachments for documents they can't read through the attachment convenience APIs. For the case where an author doesn't have read access to their own docs, they could already add attachments through the normal doc update process (with _attachments property), so it's not technically a security hole. As you say - we usually treat read and write access as separate concerns.
However, it feels like a potential security gap/information leak for a user to be able to read a document during the read-then-write, even if that doc isn't getting returned to the client. I feel like we should just be returning a 'not found' error.
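The read-then-write described in this thread, as an added example that is not part of the original issue and not Sync Gateway source: a simplified model showing how the `_removed` stub from a failed-access read reaches the write path and produces the reported error, next to a variant that returns not found first. `Body`, `getRev`, `writeDoc`, `putAttachment`, `ErrNotFound` and the `strict` and `canRead` parameters are hypothetical names, and the sample document is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Simplified model of this issue's flow; hypothetical names, not Sync Gateway source.
type Body map[string]interface{}
var ErrNotFound = errors.New("not found")

// getRev models the access-checked read: no read access yields a "_removed" stub.
func getRev(stored Body, canRead bool) Body {
	if canRead {
		return stored
	}
	return Body{"_removed": true}
}

// writeDoc models the write path's rule against user-supplied "_" properties.
func writeDoc(b Body) error {
	for k := range b {
		if strings.HasPrefix(k, "_") && k != "_attachments" {
			return errors.New("user defined top level properties beginning with '_' are not allowed in document body")
		}
	}
	return nil
}

// putAttachment is the read-then-write. strict=false reproduces the reported
// error; strict=true returns not found before the stub reaches the write path.
func putAttachment(stored Body, canRead bool, name string, strict bool) error {
	rev := getRev(stored, canRead)
	if removed, _ := rev["_removed"].(bool); removed && strict {
		return ErrNotFound
	}
	updated := Body{}
	for k, v := range rev {
		updated[k] = v
	}
	updated["_attachments"] = map[string]interface{}{name: "stub"}
	return writeDoc(updated)
}

func main() {
	doc := Body{"title": "report"} // constructed sample document
	fmt.Println("unchecked:", putAttachment(doc, false, "a.txt", false))
	fmt.Println("checked:  ", putAttachment(doc, false, "a.txt", true))
}
```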