Reduce everyone role with c# sdk


#1

I am using realm platform with the default realm.
I want to reduce the everyone role to read only (CanRead + CanQuery).
I could not manage to reduce the permissions to read only. If I look at realm studio all permissions in __Permission remain the same.
The documentation does not contain any samples yet.
Could anyone please provide the snippet to reduce the “everyone” role to read-only?

                var realmConfiguration = new QueryBasedSyncConfiguration(realmUri, user);
                var realm = Realm.GetInstance(realmConfiguration);

                realm.Write(() =>
                {
                    //get role everyone and admin
                    var everyone = PermissionRole.Get(realm, "everyone");
                    var admin = PermissionRole.Get(realm, "admin");

                    //remove all permissions from everyone role
                    var permissions = realm.All<Permission>().ToList();
                    permissions = permissions.Where(x => x.Role.Name == "everyone").ToList();
                    foreach (var p0 in permissions)
                    {
                        realm.Remove(p0);
                    }

                    //create new read-only permission for whole realm (everyone-role)
                    var permission = Permission.Get(everyone, realm);
                    permission.CanCreate = false;
                    permission.CanDelete = false;
                    permission.CanModifySchema = false;
                    permission.CanSetPermissions = false;
                    permission.CanUpdate = false;
                    permission.CanRead = true;
                    permission.CanQuery = true;

                    //create new full-house permission for whole realm (admin-role)
                    permission = Permission.Get(admin, realm);
                    permission.CanCreate = true;
                    permission.CanDelete = true;
                    permission.CanModifySchema = true;
                    permission.CanSetPermissions = true;
                    permission.CanUpdate = true;
                    permission.CanRead = true;
                    permission.CanQuery = true;

                    //add user to admin role
                    var users = admin.Users.ToArray();
                    if (users.All(x => x.Identity != user.Identity))
                    {
                        admin.Users.Add(user);
                    }
                });

ALSO I’ve tried to set object level permissions for one entity.
I also could not manage to do that. Other users still can query/read the object.
In realm studio the “Permissions” property of the object remains empty. I don’t know why:

                        //create new PointAccountSummary
                        existing = new PointAccountSummary
                        {
                            Id = key,
                            CompanyId = message.CompanyId,
                            UserId = message.UserId
                        };
                        realm.Add(existing, true);

                        //Apply permissions to the new PointAccountSummary
                        //Read-only permissions for the owner user
                        var userId = Guid.Parse(message.UserId).ToString("N");
                        var role = PermissionRole.Get(realm, $"__User:{userId}");
                        Permission permission = Permission.Get(role, existing);
                        permission.CanRead = true;
                        permission.CanQuery = true;
                        realm.Add(permission, true);
                        existing.Permissions.Add(permission);

                        //Full permissions for admin
                        role = PermissionRole.Get(realm, $"admin");
                        permission = Permission.Get(role, existing);
                        permission.CanRead = true;
                        permission.CanQuery = true;
                        permission.CanUpdate = true;
                        permission.CanDelete = true;
                        permission.CanModifySchema = true;
                        permission.CanSetPermissions = true;
                        permission.CanCreate = true;
                        realm.Add(permission, true);
                        existing.Permissions.Add(permission);

#2

Does anyone has any idea? Really can’t find any solution for this.
Can’t use it without getting this working … don’t want to switch the technology.


#3

I’m on my phone and can’t check it right now, but I would not remove all permissions - that should not be necessary. Also, I would invert adding the user to the admin role and locking down the everyone role. So finally, it would look something like:

var adminRole = PermissionRole.Get(realm, "admin");
adminRole.Users.Add(User.Current);

var adminPermission = Permission.Get(realm, adminRole);
adminPermission.CanRead = true;
adminPermission.CanUpdate = true;
adminPermission.CanSetPermissions = true;
adminPermission.CanModifySchema = true;

var everyoneRole = PermissionRole.Get(realm, "everyone");
var everyonePermission = Permission.Get(realm, everyoneRole);
everyonePermission.CanRead = true;
everyonePermission.CanUpdate = false;
everyonePermission.CanSetPermissions = false;
everyonePermission.CanModifySchema = false;

#4

Thanks for your reply.
I’ve tried that and if I run this code again the “everyonePermission” has again all permissions set to true.
If I set it to false again, commit/sync and restart again the same issue occurs. Do I have to subscribe to the Permission object or something like that?


#5

Finally got it working.
I’ve set an explict subscription to the PermissionRole and Permission and used the WaitForSynchronization method.
Thanks again for your help!