0

I need to implement a shared global realm where users can write new records and delete their previous ones but not delete other users' records.

For example, a comment system.

I made it via object permissions using query-based sync but I cannot understand how to easily implement it via full-sync.

Has someone done it? How have you accomplished that? Thank you.

DxW
  • Going to mention this is a cross post to [Full Sync - How to implement a global comment system](https://forums.realm.io/t/full-sync-how-to-implement-a-global-comment-system/3463) in case someone answers in one place but not the other. – Jay Jan 03 '20 at 18:14

2 Answers

0

You can get that same functionality as long as each user has their own Realm. Permissions on a Full Sync Realm can be offered to other users to allow them read/write access to a user's Realm.

See Offering Permissions

You would need to break down your global realm into individual ones but that's one option.

If you are storing all users' data on one global realm, it’s going to be a bit more challenging, as you don’t have fine-grained control over what other users are doing.

However, you could implement logic in the app that controls who can/cannot work with an object. So for example, a ToDo object could have a ‘created_by_user_id’ property

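```swift
import RealmSwift

class ToDoClass: Object {
    // Primary key of the to-do item
    @objc dynamic var to_do_id = ""
    // ID of the user who created the item, compared against the current user before a delete
    @objc dynamic var created_by_uid = ""

    override static func primaryKey() -> String? {
        return "to_do_id"
    }
}
```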

and using app logic, when another user goes to delete that user's ToDo, it could compare the created_by_uid property to the current user's id to see if they match. If not, disallow delete.

Jay
  • It doesn't seem a secure option. If I understand well, in this way all users will be able to write other users' comments (not with the app because of the check you suggested, but by writing a node script someone could) – DxW Jan 05 '20 at 09:59
  • @DxW In my first suggestion each Realm has a discrete set of permissions that enables you to control read/write to a specific realm. So for example, my Realm *Jay's Realm* gives me full read/write permissions. I can invite you to my Realm with Read Only Access. So the code would be *SyncUser.createOfferForRealm(at:, .read:, expiration:, callback:)*. In my second suggestion, if you've invited someone to access your realm with .write access, you can still deny that at the app level. Is it less secure, yes, but it does allow on-the-fly access changes. – Jay Jan 05 '20 at 14:00
  • I don't register every user beforehand, so I would have to give permission to the shared realm with a node js server anyway when a new user registers. Plus I can give permission only at realm level, and so every user could edit the whole database. – DxW Jan 05 '20 at 15:16
0

I was thinking of using a node js server that updates a global database when something happens in the users' databases.

It works like this (tested, I need to understand how it scales).

I use a listener for users' databases, so users can insert rows in their database offline and when they go back online the node js server can replicate the data on the global database. So on the client I’ll have a property with the sync status (local, synched, deleted) on the classes I need offline.

DxW
  • I think your comment to my answer also applies here *but writing a node script someone could* - as soon as you have a global database, then any user with write access could write a node script to alter it. Maybe I misunderstand; are you suggesting not using Realm Object Server but instead, only storing the data locally and using some other mechanic to then move that data from local to some kind of cloud storage? – Jay Jan 05 '20 at 14:04
  • No, I have in practice: 1) A global read only (except for the admin that can also write it) Realm (with sync) 2) A personal read/write realm (with sync). A user, even with a node script, could only write his own realm, so his own data. When a user does that there is a node server (with admin privileges) that replicates the data the user writes on his realm to the global realm. In this way everyone has access to data written by everyone but can edit only the data on their realm (data that are synched to the global one via the node js server) – DxW Jan 05 '20 at 15:21
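
The replication step described in the second answer, as an added example that is not part of the original posts: a plain JavaScript in-memory model (no Realm SDK calls) of an admin replicator that takes the owner from the realm a change was observed in, not from anything the client wrote. The names `replicate`, `globalRealm`, `ownerId` and the record fields are assumptions; the `syncStatus` values follow the ones mentioned in the answer.

```javascript
// Added example: in-memory model of the admin replication step, not Realm SDK code.
// Assumed names: globalRealm, replicate, ownerId, and the record fields.

// Global store that clients can only read; only the replicator writes to it.
const globalRealm = new Map();

// Apply the changes observed in one user's personal realm to the global store.
// ownerId must come from the authenticated realm the change was seen in
// (for example its path), never from a field inside the record.
function replicate(ownerId, changes) {
  const results = [];
  for (const change of changes) {
    // Keys are namespaced per owner, so a user's changes can only ever
    // reach records that were replicated from that user's own realm.
    const key = `${ownerId}/${change.id}`;
    if (change.syncStatus === 'deleted') {
      results.push(globalRealm.delete(key) ? 'deleted' : 'ignored');
    } else if (change.syncStatus === 'local') {
      // Any client-supplied createdBy is discarded and replaced by the trusted owner.
      globalRealm.set(key, { id: key, text: String(change.text), createdBy: ownerId });
      results.push('synced');
    } else {
      results.push('ignored'); // already synced or unknown status
    }
  }
  return results;
}

// Constructed sample data: alice posts a comment from her realm.
const r1 = replicate('alice', [{ id: 'c1', text: 'hello', syncStatus: 'local' }]);

// Constructed sample data: records in bob's realm that claim alice as author
// and that name alice's record id in a delete.
const r2 = replicate('bob', [
  { id: 'c1', text: 'spoof', createdBy: 'alice', syncStatus: 'local' },
  { id: 'alice/c1', syncStatus: 'deleted' },
]);

console.log(r1, r2, [...globalRealm.values()]);
```

Because authorship is decided by the replicator, the client-side `created_by_uid` check from the first answer becomes a user-interface convenience, not the access control.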