Fine Grained Permissions in Swift

#1

Hello,

I’m setting up an app based on the documentation. My setup is simple:

  • Use Default Realm (realm.cloud)
  • Have one Class (ToDo)
  • Control visibility access to ToDos based on permissions[] field.

If I do everything as the docs recommend:

    let person = getPerson()

    // Create a new permission object for the user's private role and
    // add it to the objects permissions
    let permissions = person.permissions.findOrCreate(forRole: user.role)
    permissions.canRead = true
    permissions.canUpdate = true
    permissions.canDelete = true
    permissions.canSetPermissions = true

The app ends up creating a new __Permission object for every ToDo (or Person in the code above). This results in lots of wasted data, not to mention a single ToDo.delete() doesn’t remove the associated permission, so maintenance would be additional effort.

My question is: Is this the expected behavior? Is there something wrong in the sample code? Ideally I’d have one (or few based on permissions) __Permission object per user, which would be linked with all the ToDos.

Thanks,

Balint


#2

@balint What are you trying to accomplish? Perhaps you are looking to apply permissions on an entire class? In which case I would recommend class-level permissions:
https://docs.realm.io/platform/using-synced-realms/access-control#class-level

There are also realm level permissions which would apply to all objects within a realm.

We would recommend that you have a default catch-all role. For instance the Person object has a default class-level Read permission. You can then choose a subset of users that you then apply read/write permissions to for that Class. And then even more granular - one user has the ability to SetPermissions. You can see that you can design a cascade of permissions similar to an access control list.


#3

How do you get access to the user.role? I’m going mad trying to find it in the API!!