Hello Bubble community! 
I’m currently working on a social networking application, and I’ve encountered a challenge related to post visibility. The structure of my data is as follows: Users, Posts, and Friendships. Users can establish multiple friendships and create numerous posts. My goal is to configure the system so that only friends of a user can view their posts. Given that a user may have an extensive network of friends, potentially exceeding 100, appending a “friends” attribute directly to each post could be detrimental to performance.
My question revolves around the use of privacy rules to manage data access. Would it be advisable to create a PostVisibility data type? This table would have a PostID column linked to the Post data type and a UserID column for the friend who can view the post. When a user creates a post, I would insert a new record into the Post table and then populate the PostVisibility table with entries for each friend. To retrieve the posts visible to a specific user, I would perform a query that joins the Posts, Users, and PostVisibility tables, filtering by the user’s ID in the PostVisibility table.
Is this a good approach, or could there be a more efficient method? Also, if I introduce a Comment data type that allows friends to comment on posts, should the PostVisibility concept be extended to comments to maintain privacy?
I am looking for a database architecture that supports both efficient and secure viewing permissions through privacy rules that ensure posts are accessible only to friends. I’m eager to learn of any strategies or best practices that might effectively address this situation. If anyone has faced a similar challenge, or can offer insights into setting up such permission structures, your guidance would be invaluable. Thanks in advance.