Working on an app that is catered towards athletic organizations. I have a field on the type user of “teams” which includes a list of all the teams a given user is a part of. I also have a field “role” on users that can be Admin, Coach, or Athlete (the basic user).
I’m trying to make sure that Coaches are only able to see users that are members of teams that appear in their list of teams. i.e. I don’t want the soccer coach who is a member of the JV soccer and Varsity soccer teams to be able to see an athlete’s profile unless they’re on one of those teams.
That puts me in a weird situation for the data privacy rule - trying to scope it to “current user’s role is Coach and this user’s teams contains (this is where it breaks down) at least one team that is also contained in current user’s teams.”
Hope that makes sense. Any ideas? I’ve thought about breaking out team membership into a separate table/type which might help here but thought that the multiple items in a list thing could make it easier.