I have a use case where I want users to be able to comment on posts. I plan on doing this by having one realm for all comments and then subscribing to a filtered version of the realm for each post that is currently visible to the user. I hope that won't have any performance issues but that is not my primary concern right now.
The simplest way for users to be able to make new comments would be to have public write access on this realm. I could then possibly use server events to delete comments sent to posts that a user never received. The docs don't say anything to make me think it is possible, but can I see the id of the user that made an insertion?
Another problem with public write is that anyone will be able to delete or change any comment. I could just undo any changes/deletes with server events but I would much prefer the realm having a permission whereby any non admin is simply allowed to only insert new items. Is this possible?
The only alternative I can think of is to make the realm read only and route comment creation through backend code. My problem here is that it makes my system a bit more complex and comments are not immediately added to the local database on my app which could be bad for user experience.