I would like a recommendation on the best way to track field level permissions with Flexible Sync.
I’m using the Swift Realm SDK. My objects are as follows:
```swift
import RealmSwift

class House: Object {
    @Persisted(primaryKey: true) var _id: ObjectId
    @Persisted var owner_id: String
    @Persisted var avatarURL: String
    @Persisted var caretakers: List<User>
}

final class User: Object {
    @Persisted(primaryKey: true) var _id: ObjectId
    // Inverse relationship: every House whose `caretakers` list contains this user
    @Persisted(originProperty: "caretakers") var caretakerFor: LinkingObjects<House>
}
```
Here, I want the owner (`owner_id`) to have read and write access to `avatarURL`, but anyone in the `caretakers` list to only have read access to the field.
When setting my Flexible Sync role permissions, I tried something along the following…
```
"rules": {
  "House": [
    {
      "name": "all", // This already feels incorrect, but I can't set the `applyWhen` based on document data since it is set at the start of the session.
      "applyWhen": {},
      "read": true,
      "write": true,
      "fields": {
        "avatarURL": {
          "read": {
            "caretakers": {
              "%stringToOid": "%%user.id"
            } // Assume there is an "or" here for the owner
          },
          "write": { "owner_id": "%%user.id" }
        }
      },
      "additional_fields": {
        "read": false,
        "write": false
      }
    }
  ]
}
```
However, I receive an error: role field "fields.avatarURL.read" expects a value of type "boolean", but provided value was of type "object"
So it would appear I cannot dynamically set the permissions of a field based on another field.
This approach seems good in the context of my objects since when I open a `House`, I can see all the caretakers, and each `User` can easily see all the houses they are caretakers for (thanks to the object linking). However, this doesn’t seem to fit in with how we configure Flexible Sync permissions.
Is there something I’m missing that would make this approach work? Or is there another recommended strategy for tracking permissions?
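
As an added example (not part of the original post and not MongoDB's own tooling), the check behind the quoted error can be run as a lint over a rules document before it is deployed. It assumes every field-level `read`/`write` must be a boolean literal, which generalizes from the single error message above; the function names and the sample data are constructed for illustration.

```python
# Added example: pre-deployment lint for field-level permissions in a rules document.
# Assumption: every field-level "read"/"write" must be a boolean literal,
# generalized from the one error message quoted in the post.

def lint_field_permissions(rules):
    """Return error strings for field-level permissions that are not booleans."""
    errors = []
    for collection, roles in rules.items():
        for role in roles:
            where = f'{collection} role "{role.get("name", "?")}"'
            # Named fields: fields.<name>.read / fields.<name>.write
            for field, perms in role.get("fields", {}).items():
                errors += _check(where, f"fields.{field}", perms)
            # Catch-all block for unlisted fields (assumed to follow the same rule)
            if "additional_fields" in role:
                errors += _check(where, "additional_fields", role["additional_fields"])
    return errors


def _check(where, path, perms):
    found = []
    for action in ("read", "write"):
        if action in perms and not isinstance(perms[action], bool):
            value = perms[action]
            kind = "object" if isinstance(value, dict) else type(value).__name__
            found.append(f'{where}: role field "{path}.{action}" expects a value of '
                         f'type "boolean", but provided value was of type "{kind}"')
    return found


# Constructed sample mirroring the configuration in the post
SAMPLE_RULES = {
    "House": [{
        "name": "all",
        "applyWhen": {},
        "read": True,
        "write": True,
        "fields": {
            "avatarURL": {
                "read": {"caretakers": {"%stringToOid": "%%user.id"}},
                "write": {"owner_id": "%%user.id"},
            }
        },
        "additional_fields": {"read": False, "write": False},
    }]
}

if __name__ == "__main__":
    for line in lint_field_permissions(SAMPLE_RULES):
        print(line)
```

On the sample it reports both `fields.avatarURL.read` and `fields.avatarURL.write`, since both hold expressions rather than booleans.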