Realm with Atlas rules/permissions that check userId from document on different collection

Hello, hope you all are doing well.

I’m trying to figure out the best scenario/structure for a new application using Realm/Atlas with Flutter. The app is more like a note/to-do/reminders app all together. In general, we are planning to split the DB into tables where each user has the ability to write/read/view his own data and data from groups the user is in. The following is a sample of the DB structure:

  • Each user will have his own profile (UserData).
  • Each user can create many groups in the (mainGroupData) collection, where only the group_owner can edit/delete/view the group document data. Furthermore, the group owner can add other users, where each has different permissions saved in an array as (groupUserProfile).
  • The group owner and users with specific permission can add/delete documents in the (innerGroup) and (innerList_x) collections.
    Only the group owner and users in the group can view/sync data from the Atlas cloud.

On the documents, rules can be applied to each collection which specify read/write/view permissions only if ("ownerId": "%%user.id") matches, but how can those rules be linked to the (mainGroupData) collection and allow only a user with an id that matches “owner_id” or “user_id” from (groupUserProfile)?

I can’t use embedded arrays in the (innerGroup, innerList_x) collections, as each list can have unlimited objects. For the same reason, I can’t use relational data by saving a list of “_id”.
Also, I’m not sure how to get permission for a user to read/write documents in (innerList_x), as each will reference the _id of the (innerGroup) it is assigned to! Same for (innerList_4) and (innerGroup), which reference the (mainGroupData) id.

Other scenarios I’d like to get feedback about:

  • If each document in a collection (innerList_x, innerGroup, etc.) has an owner_id and a list of users_id, syncing data will be straightforward, as users can only sync data if their id matches. However, that will also mean that each time a group_owner adds or removes users, a loop over all linked data in all collections must be run to add/remove the user_id on each document. That will also mean all other users will have to re-sync all data again for each collection. Is this right?

I would appreciate your support, and if there is a better approach for this, or documentation that I can read and try.

Thanks.