Hi! I’m currently developing a system that has the following principles:
- Every user has their own data. One user cannot see the data from another user.
- One user can use several devices.
- There is data that is shared between devices. And there is data that is personal to each device.
Now, for this I created all schemas with the following field:
owner_id: 'string'
In this field I always store realm.syncSession.user.id
When I instance the “Shared” data, the config looks like the following:
const config = {
schema: [
... list of schemas
],
schemaVersion: SCHEMA_VERSION,
sync: {
user: app.currentUser,
partitionValue: app.currentUser.id,
newRealmFileBehavior: OpenRealmBehaviorConfiguration,
},
};
realm = await Realm.open(config);
And when I use the Device data I do the following:
const config = {
schema: [
... list of schemas
],
schemaVersion: SCHEMA_VERSION,
sync: {
user: app.currentUser,
partitionValue: TERMINAL_PARTITION_KEY,
newRealmFileBehavior: OpenRealmBehaviorConfiguration,
},
};
realm = await Realm.open(config);
Where TERMINAL_PARTITION_KEY is an unique Identifier for the device.
Now, in the realm side of things, I configured the following:
- Choose a Partition Key: _partition (index by this field)
- Define Permissions: No template
The _partition field is added automatically. Now, my questions are the following:
- Is this approach correct?
- Is there any way to set permissions so only the owner can read their data? Because If I use the template “Users can only read and write their own data” the template looks like the following:
read/write:
{
"%%partition": "%%user.id"
}
Partition is only the same value as user.id only in the shared data. But in the device only it isn’t. Is there any way to check for owner_id field instead of the partition?