How to share documents with multiple users?

I have a scenario, where my user might want to invite another person to share some or all of his/her documents.

The second user would use the same documents, not create his/her own documents. All the new stuff created by this second user would actually end up being the first user’s stuff.

My first idea was to create a new property for the second user, primaryUserId or something similar. Then, when subscribing for documents based on user’s _id, I would always check if primaryUserId is set and if so, use that as the _id instead.

The same when saving documents, if the user has primaryUserId set, then set the document’s owner to that user id.

Then again, I’m afraid I might have to restrict the secondary user’s access to some of the documents, or to be more specific, some parts of the application (and therefore, the related documents).

To do that, I thought of maybe making the owner id property an array that can store multiple user ids. This starts to feel like a hassle, there has to be a nicer way.

Then we have the alanning:roles package. I haven’t used it yet, but I think I could maybe define the primary users to their own global group and then let the primary user assign roles for the secondary user to allow access to different sections of the app (and use the primaryUserId as the group value).

I guess basically I’m looking for some sort of lightweight ACL solution in Meteor.

### Any input on the best way in Meteor to achieve this?

An acl array field works fine (I would say you also want to keep the original owner in a separate field to easily identify the owner). Easy to just push/pull into acl array, and to use acl as part of your search criteria as required.

Using this ACL array field method, if a user wants to give access to the secondary user, basically I have to crawl through each and every document where the owner’s _id is defined and add the secondary user’s _id to an ACL array property on the same document.

I’m wondering, if there would be a neat pattern to bypass this…

My first idea was to check in the publish-functions, if the current user has this primaryUserId-property set and then just use that for finding documents, but Meteor won’t allow the use of Meteor.user() inside publish-functions. Only this.userId is available for getting a handle on the user.

So, I created a helper function that takes a userId, finds the user, checks if the primaryUserId-property is present, and either returns that or the initial userId. It works.

This of course adds an additional Mongo query for each and every publish-call, and I’m wondering if this is for some reason a really stupid way of achieving my goal? Is there a better way?

Anybody? No-one ever been down this road? :)

Could you make use of subscription arguments rather than the helper?

Keep the owner field.

Push an object into an array on all documents of the current user. That way you can expand later with for example a read only flag on some documents.

It’s just one query, not a very hard operation.

Then publish all documents to a user where his id is in the list. I would also add the owner to the array, that makes it even simpler.

No special tricks needed.

Be aware that your insert new document also adds all friends if a user wants to share all documents.

That is really the most basic way to do this.
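
The ACL-array approach discussed in this thread, as an added example that is not part of any post above. It is plain JavaScript over an in-memory array so it runs without Meteor; the collection name `Docs`, the field names `owner`, `acl` and `readOnly`, and the user ids are assumptions.

```javascript
// Added example. Mongo/Meteor equivalents are given in the comments;
// `Docs` is a hypothetical collection name.

// Publish side: Docs.find({ 'acl.userId': this.userId }).
// userId must be the server-side this.userId, never an id the client
// passes in as a subscription argument.
function visibleTo(docs, userId) {
  if (!userId) return [];                       // not logged in: publish nothing
  return docs.filter(d => d.acl.some(e => e.userId === userId));
}

// "Share all": Docs.update({ owner: callerId, 'acl.userId': { $ne: friendId } },
//   { $push: { acl: entry } }, { multi: true }). Only the owner's documents match.
function shareAll(docs, callerId, friendId, readOnly) {
  let changed = 0;
  for (const d of docs) {
    if (d.owner !== callerId) continue;                    // caller must own it
    if (d.acl.some(e => e.userId === friendId)) continue;  // no duplicate entries
    d.acl.push({ userId: friendId, readOnly: Boolean(readOnly) });
    changed++;
  }
  return changed;
}

// Insert side: the owner goes into acl too, plus everyone the owner
// currently shares all documents with.
function newDocument(ownerId, fields, sharedWith = []) {
  const acl = [{ userId: ownerId, readOnly: false }];
  for (const s of sharedWith) acl.push({ userId: s.userId, readOnly: Boolean(s.readOnly) });
  return { ...fields, owner: ownerId, acl };
}

// Write check for methods: caller must be in acl and not flagged read-only.
function canWrite(doc, userId) {
  return Boolean(userId) && doc.acl.some(e => e.userId === userId && !e.readOnly);
}

// Constructed sample data: alice shares everything with bob as read-only.
function demo() {
  const docs = [newDocument('alice', { title: 'a1' }),
                newDocument('alice', { title: 'a2' }),
                newDocument('carol', { title: 'c1' })];
  const changed = shareAll(docs, 'alice', 'bob', true);
  docs.push(newDocument('alice', { title: 'a3' }, [{ userId: 'bob', readOnly: true }]));
  return { docs, changed, repeat: shareAll(docs, 'alice', 'bob', true) };
}
```
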