Failed to sync: trying to use public realm about dexie.js HOT 7 OPEN

I've been studying the example at https://dexie.org/cloud/docs/access-control#example-a-simple-project-management-model but I'm completely at a loss. It looks like, to use the public realm, I just need to add the following to the creation of the database:

this.version(2).stores({
	tunes: '@id, name, abc, leader, roadMap, countOff, key, bpm',
	lists: '@id, name',
	tunesInLists: '[tuneId+listId+order],tuneId,listId,order',
	metaNames: '@id, tabTitle',
	// Access Control tables
	// (Note: these tables need to be named exactly like in this sample,
	//        and will correspond to server-side access control of Dexie
	//        Cloud)
	realms: "@realmId",
	members: "@id,[realmId+email]",
	roles: "[realmId+name]",
});

Then to put some data in the public realm, I added the realmId:

const publicRealm = 'rlm-public'
export async function putTune(tune:Tune) {
	tune.realmId = publicRealm
	await db.tunes.put(tune);
	return tune
}

That appears to silently fail. The data isn't added to IndexedDB but there is no exception written.

Is there a complete example for using the public realm? I must be missing a step.

from dexie.js.

Public realm can only be written to using the CLI or the REST api. It's not possible to give write-access to anyone in it. You'd need to create a custom realm and give appropriate permissions to people on it.

If inspecting the response from the sync call, you'll see that there is an item in the rejections property - that the put-operation was rejected due to access control rules. The server will send back changes that result in a rollback of the forbidden put-operation.

from dexie.js.

Thanks for the quick response.

I did find the response from the sync call, but it got lost in all the console messages. (I don't know how I'd detect that from inside code so that I could display an error message, though.)

It does say:

name: 'PermissionsDeniedError', message: 'User ${my-email} (${my-email}) is not authorized to add lists in realm rlm-public',

But that's the only user in the system and definitely the one that created the db.

According to this:

Public data can either be populated using the REST API or using Dexie.js after having logged in as a user with the right permissions for that, such as the user who created the database - that user is automatically listed as a member in the public realm with full permissions.

I thought this qualified.

I would love a complete example of putting data into the public realm. I've been working off of "A Simple Project Management Model" example.

I'll try to rewrite this using the REST api, I guess, but I still don't understand why my user wasn't authorized.

from dexie.js.

Oh I see that the docs might be confusing in that sense - need to update it. The easiest way to put data in public realm is probably to do:

npx dexie-cloud import importfile.json

Where the importfile.json could be something like the example from the docs: https://dexie.org/cloud/docs/cli#import-file-example-for-creating-or-updating-data:

{
  "data": {
    "rlm-public": {
      "products": {
        "prd1": {
          "price": 60,
          "title": "Black T-shirt, size M",
          "description": "A nice black T-shirt (medium2)"
        },
        "prd2": {
          "price": 70,
          "title": "Blue Jeans",
          "description": "Stone washed jeans"
        }
      }
    }
  }
}

If the primary keys are "@"-keys, there's a rule that they must all start with a prefix that is the first letter + the lowercase version of the two remaining consonants or uppercase letters of the table name "prd" for "products", "usr" for "users", "tdi" for "todoItems", etc. Their content need not to repeat inbound primary keys or realmId.

from dexie.js.

Thanks. That will work for the moment so I can do some testing. I will need to update that data in the client eventually (which is running serverless)

(Note: my first app using this is kind of like a blog - an administrator logs in and does some CRUD and anyone visiting the website can read it without logging in.)

from dexie.js.

I see the use case. It might be worth revisiting the requirement and allow database admins to inherit their full access control also when logging in to the app. I've heard similar questions before.

from dexie.js.

I did an export of my database, then copied everything that was under my email to the rlm-public and imported it. It appears to have deleted the data from my private instance. I guess that means that the keys are global and I need to change them. So my data now starts with:

  "data": {
    "rlm-public": {
      "lists": {
        "lst0Oc7D|rosNtRuQt5Fk|KEzFBnet": {
          "name": "Current Repertoire",
          "owner": "[email protected]",
          "tunes": []
        },

I guess what I need to do is write a little processing script to modify the ids. I notice that it added "owner" but your example doesn't have it so I guess I should remove that, too.

For the short run I'll need two parallel db: one for the admin program to read and manipulate, then a "deploy" function that copies that over to public.

from dexie.js.