Suggested strategy for sharing objects between users

Parse has some nice tools for the sharing of objects through its ACLs and Role based hierarchy, however I’ve found this very limiting when you have to optionally 100’d or 1000’s of objects at a users request.

Use case
Suppose we have an app where users create content (i.e. posts, images, favourites etc) and they would like to optionally share that content with other users or within a team of users.

The creation of Team is quite easy and Parse gives us the Role capability so we can group all the users within a team and give them a role. We can then assign that role as an ACL to each object that needs to be shared within the Team. Simple, however, there becomes a point where the updating of 1000’s of objects with new ACLs becomes cumbersome, performance intensive and just a little worrying if I’m being honest!

So, is there a method or strategy that anyone has developed, such as using some sort of join-class in order to flexibly manage the sharing of content between users. Obviously if there isn’t an ACL on the object that is being shared then we are in dangerous territory of using masterKey to read / write to said objects. Then we bring in the permissions of Read and Write and how we can manage those at scale!

I’ve considered creating some sort of shareTable which maintains the access permissions the people:objects however, it seems there is no getting away from having to run ACLs on the individual objects, unless you want to go fully bespoke and manage all permissions yourself… not something I’m keen on doing for obvious reasons.

If anyone has any suggestions of examples of running a flexible permission based sharing system like this I’m all ears.

Many thanks

Here it goes some ideas:

  • You can have a role per user (let’s say UserXSharedObjects) which reads all objects of user X. When user X shares his objects to someone else Y, you just need to assign role UserXSharedObjects to user Y.
  • You can control the objects that each user has access (both for owned and objects shared to them) via beforeFind or beforeAfter triggers.
  • You can only allow users to find their own objects and create a cloud code function (which uses master key) to find the objects that were shared to them.

Hmmm, interesting, I particularly like the first option, that has huge potential and is a very ‘Parse’ way of doing things.

Thank you very much for taking the time to reply.