As a note for those who seek to control permissions using custom_data, here are a few tips.
Assuming your custom_data collection is structured like this, we’ll call it ‘RealmPermissions’:
{
  "title": "RealmPermissions",
  "bsonType": "object",
  "required": [
    "_id",
    "_partition",
    "userId"
  ],
  "properties": {
    "_id": {
      "bsonType": "string"
    },
    "_partition": {
      "bsonType": "string"
    },
    "userId": {
      "bsonType": "string"
    }, // links the user to custom_data
    "readPermissions": {
      "bsonType": "array",
      "items": {
        "bsonType": "string"
      } // contains partition values you want a user to read from
    },
    "writePermissions": {
      "bsonType": "array",
      "items": {
        "bsonType": "string"
      } // contains partition values you want a user to be able to write to
    }
  }
}
Once you have a user and their custom data linked, you can use a permission config like this:
Reading:
{
  "%%partition": {
    "%in": "%%user.custom_data.readPermissions"
  }
}
Writing:
{
  "%%partition": {
    "%in": "%%user.custom_data.writePermissions"
  }
}
Then you can add and remove permissions from these arrays on the RealmPermissions for fine-grained control over a user’s access.
A little gotcha is that custom_data easily becomes stale and a newly added permission won’t necessarily be in the custom data when a user goes to access a realm if it has been recently created.
So, to solve this, I have prefaced all Realm.open(...) calls with calls to Realm.User.refreshCustomData().
So far so good.
Happy realming.
B
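The refresh-then-open pattern described in the post above, as an added example that is not part of the original post. The names `partitionAllowed`, `openWithFreshPermissions` and `makeStubUser` are hypothetical, the `team-a`/`team-b` partition values are constructed, and `openFn` stands in for `Realm.open` so the logic runs without the SDK.

```javascript
// Added example: `user` is assumed to behave like a logged-in Realm.User
// (customData property, refreshCustomData() method); `openFn` stands in for Realm.open.

// Local mirror of the page's rule:
//   { "%%partition": { "%in": "%%user.custom_data.<field>" } }
function partitionAllowed(customData, partition, mode) {
  const field = mode === "write" ? "writePermissions" : "readPermissions";
  const list = customData && customData[field];
  // A missing or malformed array denies access (fail closed).
  return Array.isArray(list) && list.includes(partition);
}

// Refresh custom_data, check the permission arrays, and only then open.
// The server-side rules remain the enforcement point; the local check
// only fails fast with a clear error instead of a sync permission error.
async function openWithFreshPermissions(user, openFn, partition, schema, mode = "read") {
  await user.refreshCustomData(); // pull newly granted permissions
  if (!partitionAllowed(user.customData, partition, mode)) {
    throw new Error(`no ${mode} permission for partition "${partition}"`);
  }
  return openFn({ schema, sync: { user, partitionValue: partition } });
}

// Constructed stand-in for a user whose cached custom_data is stale until
// refreshCustomData() is called (hypothetical helper, for demonstration only).
function makeStubUser(staleData, serverData) {
  return {
    customData: staleData,
    refreshCustomData() {
      this.customData = serverData;
      return Promise.resolve(serverData);
    },
  };
}
```

In an application, pass the logged-in user and `Realm.open` as `openFn`; the stub user exists only to show the stale-versus-refreshed difference.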