Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update for Rules v2: remove "Device Sync Permissions" #2581

Merged
merged 2 commits into from
Feb 22, 2023
Merged

Update for Rules v2: remove "Device Sync Permissions" #2581

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f54a2bc
Update for Rules v2: remove "Device Sync Permissions"
cbush Feb 13, 2023
5885ea9
Undo mention of queryable fields
cbush Feb 13, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 18 additions & 27 deletions source/sdk/flutter/sync/write-to-synced-realm.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,31 +23,20 @@ The examples on this page use an Atlas App Services App with the following
Device Sync configuration and a client app with the following Realm SDK
data model and subscriptions.

Device Sync is configured with the following queryable fields:
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed because queryable fields are now automatically determined.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought this was only when Development Mode is enabled?

If this is true when Development Mode is enabled, we should call that out instead of just removing this - i.e. "If Development Mode is enabled, Sync can automatically determine queryable fields from your Flexible Sync query. If Development Mode is not enabled, add these queryable fields."

Related, if this is true when Development Mode is enabled, then we can probably remove this info from all of the Quick Starts? I think they all have a bullet in the Device Sync prerequisites about configuring queryable field, but they also say to enable Development Mode, so this would be unnecessary there.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Related, there is also mention of configuring queryable fields on the "Manage Flexible Sync Subscription" pages: https://www.mongodb.com/docs/realm/sdk/swift/sync/flexible-sync/#subscribe-to-queryable-fields

We might want to add something there about not needing to do this if Development Mode is enabled?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And in the "Add Device Sync to an App" page that exists in Swift: https://www.mongodb.com/docs/realm/sdk/swift/sync/add-sync-to-app/

Flutter has the same page but the verbiage there is slightly different so I don't think it needs any updates relative to queryable fields.


- ``_id`` (always included)
- ``miles``
- ``ownerId``

Device Sync has permissions configured to let users read and write only their own
data:
The App Services App has permissions configured to let users read and write only
their own data:

.. code-block:: json

{
"rules": {},
"defaultRoles": [
{
"name": "owner-read-write",
"applyWhen": {},
"read": {
"ownerId": "%%user.id"
},
"write": {
"ownerId": "%%user.id"
}
}
]
"name": "owner-read-write",
"apply_when": {},
"document_filters": {
"read": { "ownerId": "%%user.id" },
"write": { "ownerId": "%%user.id" }
},
"read": true,
"write": true
}

The examples on this page use the following schema:
Expand All @@ -72,12 +61,14 @@ of the following:
the write reverts with a non-fatal compensating write error (ErrorCompensatingWrite).
- To learn more about compensating write errors and how to avoid them,
refer to the :ref:`Compensating Writes <flutter-compensating-writes>` section.
- **The Device Sync permissions** in your App Services App.
- If your try to write data that doesn't match the Device Sync permissions expression,
the write reverts with a non-fatal permission denied error (ErrorPermissionDenied).
- To learn more about configuring Device Sync permissions for your app,
refer to :ref:`sync-rules` and the :ref:`flexible-sync-permissions-guide`
in the App Services documentation.
- **The permissions** in your App Services App.
- If your try to write data that doesn't match the permissions expression,
the write reverts with a non-fatal permission denied error. In the client,
this shows as an error (ErrorCompensatingWrite). On the server, you can see more
details about how the write was denied was by a write filter in the role.
- To learn more about configuring permissions for your app, see
:ref:`sync-rules` and the :ref:`flexible-sync-permissions-guide` in the
App Services documentation.

To learn more about permission denied errors, compensating write errors
and other Device Sync error types, refer to :ref:`sync-errors` in the App Services documentation.
Expand Down
64 changes: 26 additions & 38 deletions source/sdk/swift/sync/write-to-synced-realm.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,15 +23,14 @@ of the following:
- **The sync subscription query.**
- If your write operation doesn't match the query in the subscription,
the write reverts with a non-fatal compensating write error (ErrorCompensatingWrite).
- **The Device Sync permissions** in your App Services App.
- If your try to write data that doesn't match the Device Sync permissions expression,
the write reverts with a non-fatal permission denied error.
In the client, this shows as an (ErrorCompensatingWrite). On the server,
you can see more details about how the write was denied was by a
write filter in the role.
- To learn more about configuring Device Sync permissions for your app,
refer to :ref:`sync-rules` and the :ref:`flexible-sync-permissions-guide`
in the App Services documentation.
- **The permissions** in your App Services App.
- If your try to write data that doesn't match the permissions expression,
the write reverts with a non-fatal permission denied error. In the client,
this shows as an error (ErrorCompensatingWrite). On the server, you can see more
details about how the write was denied was by a write filter in the role.
- To learn more about configuring permissions for your app, see
:ref:`sync-rules` and the :ref:`flexible-sync-permissions-guide` in the
App Services documentation.

.. warning:: Multiprocess Sync is Not Supported

Expand All @@ -42,40 +41,29 @@ of the following:
Determining What Data Syncs
---------------------------

The data that you can write to a synced realm is the intersection of your
Device Sync configuration - your queryable fields and permissions - and the
Flexible Sync subscription query that you use when you open the realm.
The data that you can write to a synced realm is the intersection of your Device
Sync configuration, your permissions, and the Flexible Sync subscription query
that you use when you open the realm.

The examples on this page use the following configurations and models:

Device Sync Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~

Device Sync is configured with the following queryable fields:

- ``_id`` (this is a queryable field in every Device Sync configuration)
- ``ownerId``
- ``complexity``

Device Sync has permissions configured to let users read and write only their own
data:

.. code-block:: json

{
"rules": {},
"defaultRoles": [
{
"name": "owner-read-write",
"applyWhen": {},
"read": {
"ownerId": "%%user.id"
},
"write": {
"ownerId": "%%user.id"
}
}
]
"name": "owner-read-write",
"apply_when": {},
"document_filters": {
"read": { "ownerId": "%%user.id" },
"write": { "ownerId": "%%user.id" }
},
"read": true,
"write": true
}

Client Data Model and Configuration
Expand All @@ -96,8 +84,8 @@ is less than or equal to ``4``:
What Data Syncs?
~~~~~~~~~~~~~~~~

The subscription query combined with the Device Sync permissions mean
that the synced realm only syncs objects where:
The subscription query combined with the permissions mean that the synced realm
only syncs objects where:

- The ``ownerId`` matches the ``user.id`` of the logged-in user (from the permissions)
- The ``complexity`` property's value is less than or equal to ``4`` (from the subscription query)
Expand All @@ -124,11 +112,11 @@ Writes to Flexible Sync realms may broadly fall into one of two categories:
Successful Writes
~~~~~~~~~~~~~~~~~

When the write matches both the :ref:`Device Sync permissions <sync-rules>`
and the :ref:`Flexible Sync subscription query
<swift-manage-flexible-sync-subscriptions>` in the client, the Realm Swift SDK
can successfully write the object to the synced realm. This object syncs
with the App Services backend when the device has a network connection.
When the write matches both the :ref:`permissions <permissions>` and the
:ref:`Flexible Sync subscription query
<swift-manage-flexible-sync-subscriptions>` in the client, the Realm Swift SDK
can successfully write the object to the synced realm. This object syncs with
the App Services backend when the device has a network connection.

.. literalinclude:: /examples/generated/code/start/SyncedRealmCRUD.snippet.successful-write.swift
:language: swift
Expand Down