From d2ae02a668fe79c7b9f4c32601718b2997b1a4af Mon Sep 17 00:00:00 2001 From: Chris Bush Date: Wed, 22 Feb 2023 15:42:58 -0500 Subject: [PATCH] Update for Rules v2: remove "Device Sync Permissions" (#2581) ## Pull Request Info ### Jira - https://jira.mongodb.org/browse/DOCSP-26779 ### Staged Changes - https://docs-mongodbcom-staging.corp.mongodb.com/realm/docsworker-xlarge/permissions-v2/ ### Reminder Checklist If your PR modifies the docs, you might need to also update some corresponding pages. Check if completed or N/A. - [x] Create Jira ticket for corresponding docs-app-services update(s), if any - [x] Checked/updated Admin API - [x] Checked/updated CLI reference ### Review Guidelines [REVIEWING.md](https://github.com/mongodb/docs-realm/blob/master/REVIEWING.md) --- .../flutter/sync/write-to-synced-realm.txt | 39 +++++------ .../sdk/swift/sync/write-to-synced-realm.txt | 68 +++++++++---------- 2 files changed, 49 insertions(+), 58 deletions(-) diff --git a/source/sdk/flutter/sync/write-to-synced-realm.txt b/source/sdk/flutter/sync/write-to-synced-realm.txt index c38c2623d6..ae39d21145 100644 --- a/source/sdk/flutter/sync/write-to-synced-realm.txt +++ b/source/sdk/flutter/sync/write-to-synced-realm.txt @@ -29,25 +29,20 @@ Device Sync is configured with the following queryable fields: - ``miles`` - ``ownerId`` -Device Sync has permissions configured to let users read and write only their own -data: +The App Services App has permissions configured to let users read and write only +their own data: .. code-block:: json { - "rules": {}, - "defaultRoles": [ - { - "name": "owner-read-write", - "applyWhen": {}, - "read": { - "ownerId": "%%user.id" - }, - "write": { - "ownerId": "%%user.id" - } - } - ] + "name": "owner-read-write", + "apply_when": {}, + "document_filters": { + "read": { "ownerId": "%%user.id" }, + "write": { "ownerId": "%%user.id" } + }, + "read": true, + "write": true } The examples on this page use the following schema: @@ -72,12 +67,14 @@ of the following: the write reverts with a non-fatal compensating write error (ErrorCompensatingWrite). - To learn more about compensating write errors and how to avoid them, refer to the :ref:`Compensating Writes ` section. -- **The Device Sync permissions** in your App Services App. - - If your try to write data that doesn't match the Device Sync permissions expression, - the write reverts with a non-fatal permission denied error (ErrorPermissionDenied). - - To learn more about configuring Device Sync permissions for your app, - refer to :ref:`sync-rules` and the :ref:`flexible-sync-permissions-guide` - in the App Services documentation. +- **The permissions** in your App Services App. + - If your try to write data that doesn't match the permissions expression, + the write reverts with a non-fatal permission denied error. In the client, + this shows as an error (ErrorCompensatingWrite). On the server, you can see more + details about how the write was denied was by a write filter in the role. + - To learn more about configuring permissions for your app, see + :ref:`sync-rules` and the :ref:`flexible-sync-permissions-guide` in the + App Services documentation. To learn more about permission denied errors, compensating write errors and other Device Sync error types, refer to :ref:`sync-errors` in the App Services documentation. diff --git a/source/sdk/swift/sync/write-to-synced-realm.txt b/source/sdk/swift/sync/write-to-synced-realm.txt index 1a65348560..4d598515e7 100644 --- a/source/sdk/swift/sync/write-to-synced-realm.txt +++ b/source/sdk/swift/sync/write-to-synced-realm.txt @@ -23,15 +23,14 @@ of the following: - **The sync subscription query.** - If your write operation doesn't match the query in the subscription, the write reverts with a non-fatal compensating write error (ErrorCompensatingWrite). -- **The Device Sync permissions** in your App Services App. - - If your try to write data that doesn't match the Device Sync permissions expression, - the write reverts with a non-fatal permission denied error. - In the client, this shows as an (ErrorCompensatingWrite). On the server, - you can see more details about how the write was denied was by a - write filter in the role. - - To learn more about configuring Device Sync permissions for your app, - refer to :ref:`sync-rules` and the :ref:`flexible-sync-permissions-guide` - in the App Services documentation. +- **The permissions** in your App Services App. + - If your try to write data that doesn't match the permissions expression, + the write reverts with a non-fatal permission denied error. In the client, + this shows as an error (ErrorCompensatingWrite). On the server, you can see more + details about how the write was denied was by a write filter in the role. + - To learn more about configuring permissions for your app, see + :ref:`sync-rules` and the :ref:`flexible-sync-permissions-guide` in the + App Services documentation. .. warning:: Multiprocess Sync is Not Supported @@ -42,40 +41,35 @@ of the following: Determining What Data Syncs --------------------------- -The data that you can write to a synced realm is the intersection of your -Device Sync configuration - your queryable fields and permissions - and the -Flexible Sync subscription query that you use when you open the realm. +The data that you can write to a synced realm is the intersection of your Device +Sync configuration, your permissions, and the Flexible Sync subscription query +that you use when you open the realm. The examples on this page use the following configurations and models: -Device Sync Configuration -~~~~~~~~~~~~~~~~~~~~~~~~~ +App Services Configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~ Device Sync is configured with the following queryable fields: -- ``_id`` (this is a queryable field in every Device Sync configuration) +- ``_id`` (always included) +- ``miles`` - ``ownerId`` -- ``complexity`` -Device Sync has permissions configured to let users read and write only their own +The App Services App has permissions configured to let users read and write only their own data: .. code-block:: json { - "rules": {}, - "defaultRoles": [ - { - "name": "owner-read-write", - "applyWhen": {}, - "read": { - "ownerId": "%%user.id" - }, - "write": { - "ownerId": "%%user.id" - } - } - ] + "name": "owner-read-write", + "apply_when": {}, + "document_filters": { + "read": { "ownerId": "%%user.id" }, + "write": { "ownerId": "%%user.id" } + }, + "read": true, + "write": true } Client Data Model and Configuration @@ -96,8 +90,8 @@ is less than or equal to ``4``: What Data Syncs? ~~~~~~~~~~~~~~~~ -The subscription query combined with the Device Sync permissions mean -that the synced realm only syncs objects where: +The subscription query combined with the permissions mean that the synced realm +only syncs objects where: - The ``ownerId`` matches the ``user.id`` of the logged-in user (from the permissions) - The ``complexity`` property's value is less than or equal to ``4`` (from the subscription query) @@ -124,11 +118,11 @@ Writes to Flexible Sync realms may broadly fall into one of two categories: Successful Writes ~~~~~~~~~~~~~~~~~ -When the write matches both the :ref:`Device Sync permissions ` -and the :ref:`Flexible Sync subscription query -` in the client, the Realm Swift SDK -can successfully write the object to the synced realm. This object syncs -with the App Services backend when the device has a network connection. +When the write matches both the :ref:`permissions ` and the +:ref:`Flexible Sync subscription query +` in the client, the Realm Swift SDK +can successfully write the object to the synced realm. This object syncs with +the App Services backend when the device has a network connection. .. literalinclude:: /examples/generated/code/start/SyncedRealmCRUD.snippet.successful-write.swift :language: swift