Can someone pretty please help guide me to the correct sync permissions for the most basic Realm Sync app? I want an authenticated user to be able to read and write their own data. That’s it. There’s no public data. No other rules.
The defaults that come with the Realm + Swift template are the following:
{
"%%partition": "%%user.id"
}
And the partition key is also the default, set to " _partition, string, required".
When I try my basic test app, the console spits out the error:
“user does not have permission to sync on partition (ProtocolErrorCode=206)”
Setting both fields to “true” allows me to sync, but this is insecure, correct?
Create a Realm Function named canReadWritePartition that looks like this:
exports = function(partition) {
console.log(`Checking if the partition ${partition} matches the user id (${context.user.id})`);
return partition === context.user.id;
};
You can then check the Realm logs to confirm what _partition and user.id were set to (and why they don’t match).
Thank you for the reply Andrew. I’m tried your suggestion (and I should reiterate that I’m just going off the defaults for a fresh app). The value of _partition is set to
user=611fb02e79c8aaa253621e06
The console spits out:
Checking if the partition user=611fb02e79c8aaa253621e06 matches the user id (611fb02e79c8aaa253621e06)
OK - that console output is useful. The doc’s partition is user=611fb02e79c8aaa253621e06, whereas the user id is 611fb02e79c8aaa253621e06.
Your updated expression is a good idea, but I’m not sure if there’s a JSON expression syntax that will concatenate "user=" and "%%user.id".
tbh, I almost always delegate the check to a Realm Function rather than trying to get clever in the JSON expression. To solve it that way, keep the JSON expressions as I described but update the check in the function to: