Configuring Permissions and Shares for Multiple Users

I am using Realm Swift and Realm Object Server as a storage solution for the applications I am working on. I could use a traditional relational database server, but I don't really need a server to do any real work. The only backend I really need is just storing and syncing data. Realm seems to provide exactly what I want.

So far, I have a working example of a scope. The problem I started working with is access control. I feel like I may have a fundamental misunderstanding of what Realm can provide for me, and there are no fantastic resources out there. Realm's documentation is quite detailed, but it doesn't have the best working examples.

My app will be used to track teams from an available set of players. The set of players will be relatively constant and unchanged. However, the teams will change frequently. With this in mind, I had the following idea for setting up my Realm:

  • A single Realm containing the set of players: /Players

    . Every user should have read access to this area, but only administrators should write and manage.
  • One Realm for every user of the application: /~/MyRoster

    . This area must be read / written by this user. I think the user should be able to grant another user temporary read / write access to their area.
  • Multiple users should be able to form a team where they can read (and potentially write) lists of all team members.

Does this sound like an acceptable use of the Realm backend? How do I manage the central shared data pool? Should I just create a realm /~/MyRoster for the user as soon as they register? How can I customize the permissions the way I want them? The permissions structure seems very strange to me. It looks like I can use the constructors PermissionOffer/PermissionOfferResponse to achieve the Realm sharing that I want.

Any help would be greatly appreciated.

+3




1 answer


Thanks for the detailed report. Your proposed architecture seems appropriate. Here's what I would recommend:

  • For the global /Players Realm, I would create this during development. This is a bit awkward today in that you have to use the client SDK to open the Realm as an administrator (because only admin users can create Realms outside of their realm /~/). You can create code in your application that, if you are logged in as administrator, will open a realm /Players and then apply the permission change to that realm:

    // `user` is the logged-in administrator account
    let permission = SyncPermissionValue(realmPath: "/Players",
                                         userID: "*", // To apply to all users
                                         accessLevel: .read)
    user.applyPermission(permission) { error in
      if let error = error {
        // handle error
        return
      }
      // permission was successfully applied
    }

This code path does not need to be run more than once. Our plan is to add this kind of functionality to the browser in the dashboard so you can manually create a global Realm and configure permissions without using the client SDK.

  1. For custom Realms, you don't need to create them immediately, because the Realms will be lazily created when the user ultimately needs them. I mean the Realm is configured in such a way that you can open the Realm on the client synchronously (including being able to work offline) and then after the first creation when the client syncs with the server the server will actually know and also create a Realm in it. Thus, you need to configure the client code to open Realm at /~/MyRoster if needed.

    In terms of granting permissions to other users, this will use the Swift Access Control API to apply permission to change user rights and grant access to another user. This can be done dynamically so that the user can grant and then revoke permission as needed.

  2. For the third part on groups, I will create another global Realm /Group that has read / write access for all users that contain the group view. For example, you might have an object Group that contains a list property that binds to objects User, with 1 User per user in your application. This way, each user can make changes to the Realm to represent the groups of which he / she is a part.

    You can configure the Realm function to listen for changes in a realm /Group, so that when a user is added or removed to a group, the function will trigger the necessary permission changes for the various Realms in the group.

    Now, if you are concerned about controlling access to the /Group Realm, you can instead install the Realm function, which uses the admin user to apply changes to /Groups, listening to the custom realm /~/MyRequests, where the user could write an object to that Realm, which would call a function to make changes to the group Realm. This way you can prevent unauthorized requests and keep /Group Realm available only to all users, but administrators.

+6
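
The access layout the answer describes can be checked as a small permission model before any Realm is created. This is an added example, not code from the question, the answer or the Realm SDK: `AccessLevel`, `Grant`, `PermissionTable` and the user names are hypothetical, and the rule that a server admin or a Realm's owner always has full access is an assumption of the model.

```swift
// Added example: a hypothetical model of the layout above, not the Realm SDK.
enum AccessLevel: Int, Comparable {
    case denied = 0, read, write, admin
    static func < (a: AccessLevel, b: AccessLevel) -> Bool { a.rawValue < b.rawValue }
}

struct Grant {
    let realmPath: String   // fully resolved path, e.g. "/alice/MyRoster"
    let userID: String      // "*" means every user, as in the answer's snippet
    let level: AccessLevel
}

struct PermissionTable {
    let serverAdmins: Set<String>
    private(set) var grants: [Grant] = []
    init(serverAdmins: Set<String>) { self.serverAdmins = serverAdmins }

    // Expand the "~" segment to the caller's own identity.
    static func resolve(_ path: String, for userID: String) -> String {
        return path.hasPrefix("/~/") ? "/\(userID)\(path.dropFirst(2))" : path
    }

    // Applying .denied removes the grant, which models revocation.
    mutating func apply(_ g: Grant) {
        grants.removeAll { $0.realmPath == g.realmPath && $0.userID == g.userID }
        if g.level != .denied { grants.append(g) }
    }

    // Assumption: server admins and a Realm's owner get .admin; otherwise the
    // highest matching grant wins and the default is no access.
    func effective(_ userID: String, on path: String) -> AccessLevel {
        if serverAdmins.contains(userID) || path.hasPrefix("/\(userID)/") { return .admin }
        let matching = grants.filter { $0.realmPath == path && ($0.userID == userID || $0.userID == "*") }
        return matching.map { $0.level }.max() ?? .denied
    }
}

// Constructed users "admin", "alice", "bob", "carol".
var table = PermissionTable(serverAdmins: ["admin"])
table.apply(Grant(realmPath: "/Players", userID: "*", level: .read))
let roster = PermissionTable.resolve("/~/MyRoster", for: "alice")
table.apply(Grant(realmPath: roster, userID: "bob", level: .write))   // temporary share

assert(table.effective("carol", on: "/Players") == .read)    // everyone reads, nobody writes
assert(table.effective("admin", on: "/Players") == .admin)
assert(table.effective("bob", on: roster) == .write)
assert(table.effective("carol", on: roster) == .denied)       // default deny

table.apply(Grant(realmPath: roster, userID: "bob", level: .denied))  // revoke
assert(table.effective("bob", on: roster) == .denied)
```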