requireAccess throws even though user has access to "*" #787

Closed
mjq opened this issue Apr 17, 2015 · 4 comments

mjq commented Apr 17, 2015

version: master(10b35bb)

Users block in config.json:

```json
"users": {
  "GUEST": {"disabled": true},
  "hub": {"name": "hub", "password": "password", "admin_channels": ["*"]}
}
```

Sync function:

```javascript
function(doc) {
  requireAccess("some_channel");
}
```

I would expect attempts to write documents by the user "hub" to succeed, since "*" grants access to all channels. But, attempts to write fail:

```
2015-04-17T22:44:29.792Z HTTP: #022: PUT /default/000AFE45-17B2-47CB-9B44-364D1409F7D9 (as hub)
2015-04-17T22:44:29.967Z Sync fn rejected: new=map[title:test type:Activity _id:000AFE45-17B2-47CB-9B44-364D1409F7D9 _rev:1-e05f0c702b2f773ca0421f08885e6f06] old= --> 403 missing channel access
2015-04-17T22:44:29.967Z HTTP: #022: --> 403 missing channel access (175.3 ms)
```

It looks like `requireAccess` doesn't consider the `*` channel.

@adamcfraser
Collaborator

This looks like a valid scenario - will get this included in an upcoming sprint.

@tleyden
Contributor

tleyden commented May 1, 2015

Related to #815

@adamcfraser
Collaborator

Looking at this closer, I think it's actually more to do with a mistaken interpretation of `*` (i.e. what we're trying to clarify with #815), and not a bug in `requireAccess`.

In the above example, user hub is being granted access to the channel named *, not to all channels (i.e. * is a named channel, not a wild card). The * channel contains all documents, but this is different than the user being granted access to all channels.

The above use case is actually an example where this distinction is important - the user might have been granted access to read all documents (via the * channel), but not given the ability to update all documents.

@mjq - in this scenario I think that `requireAccess` is working as intended - if you want to allow users with `*` channel access to make updates, you could change your `requireAccess` call to `requireAccess("some_channel", "*")`.
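
A small model of the behaviour described in this thread, added here as an illustration and not taken from the thread or from Sync Gateway's source: channel names given to `requireAccess` are compared literally, so a grant of `*` only satisfies a check that names `*`. The `runAs` harness, the `writer` and `reader` users, the sample document and the array form of the call are assumptions of the example.

```javascript
// Simplified model of the check discussed in this thread (not Sync Gateway source).
// Assumption: requireAccess takes a channel name or an array of names and passes
// when the user holds at least one of them; names are compared literally.
let requireAccess; // bound per request by runAs, standing in for the built-in

function runAs(userChannels, syncFn, doc) {
  const granted = new Set(userChannels);
  requireAccess = (channels) => {
    const wanted = Array.isArray(channels) ? channels : [channels];
    if (!wanted.some((name) => granted.has(name))) {
      throw { forbidden: "missing channel access" };
    }
  };
  try {
    syncFn(doc);
    return "accepted";
  } catch (err) {
    if (err && err.forbidden) return "403 " + err.forbidden;
    throw err; // anything else is a bug in the sync function itself
  }
}

// Sync function from the issue, and the variant that also names "*".
const strictSync = function (doc) { requireAccess("some_channel"); };
const starSync = function (doc) { requireAccess(["some_channel", "*"]); };

// Constructed users: "hub" mirrors the config in the issue, the others are made up.
const users = { hub: ["*"], writer: ["some_channel"], reader: ["other_channel"] };
const doc = { _id: "doc1", type: "Activity", title: "test" }; // constructed document

function writeMatrix() {
  const rows = {};
  for (const [name, channels] of Object.entries(users)) {
    rows[name] = {
      strict: runAs(channels, strictSync, doc),
      star: runAs(channels, starSync, doc),
    };
  }
  return rows;
}

console.table(writeMatrix());
```

Naming `*` in the check authorizes writes for every user who has been granted the `*` channel, so it belongs in the sync function only when read-all and write-all are meant to go together.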

@househippo

"`requireAccess("some_channel", "*")`"

It'd be great to get this solution documented.
